18 Jul 1998
The page uses Damping Ring group space as an example.
Please substitute your AFS WWW subdirectory for
/afs/slac/www/grp/ad/addr
,
your "all" AFS group for g-www:g-addr
,
and your "owner" AFS group for g-www:owner-g-addr
.
Your subdirectory and the AFS groups are in the email you receive
announcing their creation.
For the purposes of this example, the damping ring production Web space has been
set up. You are one of its owners. As an "owner" of
/afs/slac/www/grp/ad/addr
space,
you have certain duties and powers regarding access and space usage.
By default you may write and perform "all" AFS actions in this
subdirectory and any sub-subdirs under it because you are a member of
the AFS group g-www:g-addr
.
To see who's in this group, issue the command:
pts member g-www:g-addr
For more information, read Introduction to AFS Commands for WWW Authors.
You are also the "owner" of this "write" group by virtue of being
in the associated AFS group g-www:owner-g-addr
.
This means you control who's in group g-www:g-addr
.
g-www:g-addr
so that that person may add, modify, and delete files in the
.../grp/ad/addr
subdir, the potential member must
first have obtained AFS privileges for his or her UNIX account.
Only then may you issue the necessary AFS commands to add the user to or delete
the person from the group.
pts examine username
where username is thought to be a valid UNIX user name.
If the output is something like:
Name: username, id: 2222, owner: system:administrators, creator: sysctl,
membership: 11, flags: S----, group quota: 19.
the account is a UNIX account that has been authorized for AFS. You may proceed to Modifying the AFS Group.
If the output is something like:
pts: User or group doesn't exist so couldn't look up id for username
the username is not authorized for AFS.
Next check to see if the username is a valid UNIX account by issuing the command:
ypmatch username passwd
If the output is something like:
username:J3iuQsf0Mx..o:2222:1000:Firstname Lastname:/u/sf/username:/bin/tcsh
the username is a valid UNIX account.
If the output is something like:
ypmatch: 1831-150 Cannot match key username in map passwd.byname.
Reason: no such key in map.
the user needs to get a UNIX account.
After the UNIX account has been established, the user may obtain AFS privileges for it by issuing the command:
afsacct
and following the prompts.
There are actually two UNIX passwords now, the regular UNIX one and and an AFS one. It is generally easier to set both to the same value. (We're moving in a direction of have only one, encrypted password; but we won't be there for a while yet.)
g-www:g-addr
.
The next instructions assume you are already familiar with basic AFS
commands like tokens
and klog
.
If not, please take a few minutes to review the SLAC
AFS Users' Guide
or obtain a printed copy at the Help Desk.
As a member of group g-www:owner-g-addr
,
you issue the AFS command:
pts adduser -user username -group g-www:g-addr
where username is the AFS-privileged user name of the person being added.
To see the syntax of the pts adduser
command, issue:
pts adduser -help
To make sure he or she has gotten in OK, issue:
pts member g-www:g-addr
If you need to remove a member of the group, issue:
pts removeuser -user username -group g-www:g-addr
where username is an AFS user name in the group.
/afs/slac/www/grp/ad/addr
, issue the command:
fs listacl /afs/slac/www/grp/ad/addr
This displays the subdir's Access Control List (ACL).
In addition to the group g-www:g-addr
,
you will see g-www:g-admin
,
which gives authorized people on the WWW-Tech Committee emergency
access, and three "system" groups described in the subsection
"A Typical SLAC Directory" in the
AFS Users' Guide.
To see the syntax of the fs listacl
command, issue:
fs listacl -help
www.grp.ad.addr
,
mounted at /afs/slac/www/grp/ad/addr
.
This means you are not affected by being on a shared volume used by many groups when someone else suddenly takes up a lot of space. It also means you are responsible for monitoring the fullness of your own AFS volume. To query the percentage used, issue the command:
fs listquota /afs/slac/www/grp/ad/addr
To see all volumes associated with any subdirectories in the
addr
subdirectory (one level down only) and
their usage, issue the command:
fs listquota /afs/slac/www/grp/ad/addr/*
To see the syntax of the fs listquota
command
fs listquota -help
If you find your volume getting full, send email to
unix-admin@slac.stanford.edu
requesting more.
If you know you will be
needing a large amount more, please give unix-admin
advance notice.
Again, you may find more information about AFS at SLAC in the AFS Users' Guide. If you have any suggestions for how to make this document more useful, please send feedback here.
Winters