AFS Notes--------------------------------------------------------(tg 1/10/96)

AFS Command Summary (/usr/afsws/bin)
===================

fs (FileSystem)         - commands to manage files and ACLs
klog                    - obtain authentication token
knfs                    - obtain authentication from non-AFS system (NFS) via translator
kpasswd                 - change authentication password
pts (ProTection Server) - commands to manage ACL groups
rcp                     - afs replacement for normal rcp
rsh                     - afs replacement for normal rsh
tokens                  - display all tokens
unlog                   - discard all tokens

(note: "rlogin" and "rdist" are not AFS aware)

afsmonitor    - command to monitor afs server and caching activities
backup        - manage the "backup database"
bos           - manage file servers and entire afs system
bosserver     - initialize bos server
budb_convert  - convert AFS database from one release's format to another
buserver      - initialize backup server
butc          - initialize tape coordinator process
fileserver    - initialize a file server
fms           - determine tape capacity
kas           - manage the authentication database
kdb           - read authentication logs
login         - afs replacement for Unix login
package       - configure local disk(s)
pagsh         - create new process authentication group
runntp        - initialize network time protocol daemon
scout         - monitor file server(s)
translate_et  - translate error code into text message
up            - recursively copy a directory tree to another directory
upclient      - initialize client portion of Update Server
upserver      - initialize server portion of Update Server
uss           - manage user accounts
vldb_convert  - convert Volume Location Database between AFS versions
vlserver      - initialize Volume Location Server
volserver     - initialize Volume Server component of fs process.
vos           - commands to manipulate volumes

--------------------------------------------------------------------------------

AFS common commands
===================

pts: Commands are:

ad        adduser         add a user to a group
ap        apropos         search by help text
ch        chown           change ownership of a group
cg        creategroup     create a new group
cu        createuser      create a new user
del       delete          delete a user or group from database
e         examine         examine an entry
h         help            get help on commands
listm     listmax         list max id
listo     listowned       list owned groups
mem       membership      list membership of a user or group
rem       removeuser      remove a user from a group
ren       rename          rename user or group
setf      setfields       set fields for an entry
setm      setmax          set max id

fs: Commands are:

ap        apropos         search by help text
checks    checkservers    check local cell's servers
checkv    checkvolumes    check volumeID/name mappings
cl        cleanacl        clean up access control list
co        copyacl         copy access control list
de        debug           set debugging info
df        diskfree        show server disk space usage
exa/lv    examine         display volume status
exp       exportafs       enable/disable translators to AFS
          flush           flush file from cache
flushv    flushvolume     flush all data in volume
getca     getcacheparms   get cache usage info
getce     getcellstatus   get cell status
gets/gp   getserverprefs  get file server ranks
h         help            get help on commands
la        listacl         list access control list
listc     listcells       list configured cells
lq        listquota       list volume quota
ls        lsmount         list mount point
me        messages        control Cache Manager messages
          mkmount         make mount point
          monitor         set cache monitor host address
          newcell         configure new cell
q         quota           show volume quota usage
rm        rmmount         remove mount point
sa        setacl          set access control list
setca     setcachesize    set cache size
setce     setcell         set cell status
sq        setquota        set volume quota
sets/sp   setserverprefs  set file server ranks
sv        setvol          set volume status
sy        sysname         get/set sysname (i.e. @sys) value
whe       whereis         list file's location
whi       whichcell       list file's cell
ws        wscell          list workstation's cell

--------------------------------------------------------------------------------

AFS file permissions
====================

r    READ the contents of files in the directory
w    WRITE (modify) the contents of files in the directory
l    LOOKUP status information about the files in the directory
d    DELETE files from the directory
i    INSERT new files into the directory
k    LOCK; set read or write locks on the files in the directory
a    ADMINISTER; change the rights on the access control list

--------------------------------------------------------------------------------

AFS file access control
=======================

Access to AFS files is controlled at the directory level via ACLs or
Access Control Lists. For a given directory there is one ACL which may
contain one or more users or groups, each of which has some combination
of the permissions listed above. A "group" is one or more users
conveniently clumped together with a descriptive label.

AFS access control groups
=========================

1. to create a "regular" group:
   format: pts cg : []

   $ pts cg dragon:budget
   group dragon:budget has id -266

   or to create a group owned by someone else, (typed by dragon):

   $ pts cg g-babar:read -owner g-babar
   group g-babar:test has id -502

2. to list the regular groups owned by a person:
   format: pts listo

   $ pts listo dragon
   Groups owned by dragon (id: 1199) are:
     dragon:budget

3. Add members to a regular group
   format: pts ad [-u] [-g] :

   $ pts ad -u quarrie geddes dragon -g dragon:budget

4. show members of a regular group
   format: pts mem :

   $ pts mem dragon:budget
   Members of dragon:budget (id: -266) are:
     dragon
     quarrie
     geddes

5. examine attributes of a group
   format: pts ex

   $ pts ex g-babar
   Name: g-babar, id: -271, owner: owner-g-babar, creator: admin,
     membership: 4, flags: S-M--, group quota: 0.

6. Change the ACL for a given directory to include permissions from a
   new group (See "man fs_setacl" for more info.)
   format: fs setacl -dir -acl

   $ fs setacl -dir budget -acl dragon:budget rwlidk

   or (equivalently),

   $ fs sa budget dragon:budget write

Current BABAR AFS Structure
===========================

(Tue 13:02) dragon@morgan05 $ pwd
/afs/slac.stanford.edu/g/babar

(Tue 13:02) dragon@morgan05 $ fs la .
Access list for . is
Normal rights:
  g-babar:read rl
  g-babar rlidwk
  owner-g-babar rlidwka
  system:slac rl
  system:administrators rlidwka
  system:authuser rl

(Tue 13:02) dragon@morgan05 $ pts ex owner-g-babar
Name: owner-g-babar, id: -270, owner: owner-g-babar, creator: 1,
  membership: 1, flags: S-M--, group quota: 0.

(Tue 13:02) dragon@morgan05 $ pts mem owner-g-babar
Members of owner-g-babar (id: -270) are:
  dragon

(Tue 13:02) dragon@morgan05 $ pts ex g-babar
Name: g-babar, id: -271, owner: owner-g-babar, creator: 1,
  membership: 6, flags: S-M--, group quota: 0.

(Tue 13:03) dragon@morgan05 $ pts mem g-babar
Members of g-babar (id: -271) are:
  dragon
  terryh
  frankp
  quarrie
  geddes
  jake
>>>> 11/7/95 >>>>

(Tue 13:03) dragon@morgan05 $ fs la bbsim
Access list for bbsim is
Normal rights:
  maint-g-babar-bbsim rlidwka
  system:slac rl
  system:administrators rlidwka
  system:authuser rl

(Tue 13:05) dragon@morgan05 $ pts ex maint-g-babar-bbsim
Name: maint-g-babar-bbsim, id: -485, owner: cwm-a, creator: cwm-a,
  membership: 1, flags: S-M--, group quota: 0.

(Tue 13:05) dragon@morgan05 $ pts mem maint-g-babar-bbsim
Members of maint-g-babar-bbsim (id: -485) are:
  wenaus
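
Added example, not part of the original notes: a Python sketch that parses "fs la" output in the format shown above (keeping any "Negative rights:" section separate from the grants), expands the read/write/all/none shorthand that fs setacl accepts, and flags ACL entries worth a second look. The policy (which groups count as broad, who may hold the "a" right), the function names and the sample listing are assumptions constructed for illustration.

```python
# Added example (not from the notes): audit AFS ACLs parsed from `fs la` output.
RIGHTS = set("rwlidka")
# Shorthand accepted by `fs setacl` in place of individual letters.
SHORTHAND = {"read": "rl", "write": "rlidwk", "all": "rlidwka", "none": ""}
# Assumed policy: which groups are broad, and who may hold ADMINISTER.
BROAD = {"system:anyuser", "system:authuser"}
ADMIN_OK = {"system:administrators"}

def expand(rights):
    """Return the set of permission letters for a rights string or shorthand."""
    letters = SHORTHAND.get(rights, rights)
    unknown = set(letters) - RIGHTS
    if unknown:
        raise ValueError(f"unknown AFS rights: {sorted(unknown)}")
    return set(letters)

def parse_listacl(text):
    """Parse `fs la` output into {"normal": {...}, "negative": {...}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[1] == "rights:":
            section = words[0].lower()   # "Normal rights:" / "Negative rights:"
        elif section and len(words) == 2:
            acl.setdefault(section, {})[words[0]] = expand(words[1])
    return acl

def audit(acl):
    """Return (principal, finding) pairs for the assumed policy, sorted by name."""
    findings = []
    for principal, granted in sorted(acl["normal"].items()):
        if "a" in granted and principal not in ADMIN_OK:
            findings.append((principal, "holds ADMINISTER (a)"))
        extra = "".join(sorted(granted - {"r", "l"}))
        if principal in BROAD and extra:
            findings.append((principal, "broad group beyond rl: " + extra))
    return findings

# Constructed sample in the format printed by `fs la`; exampleuser is made up.
SAMPLE = """Access list for budget is
Normal rights:
  dragon:budget rlidwk
  owner-g-babar rlidwka
  system:authuser rlik
Negative rights:
  exampleuser rlidwka
"""
print(audit(parse_listacl(SAMPLE)))
```
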