--- /dev/null
+# Copyright 2009, Secure Endpoints Inc.
+# All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# - Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# - Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+# - Neither the name of Secure Endpoints Inc. nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission from Secure Endpoints Inc..
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+!INCLUDE ..\..\..\src\config\NTMakefile.$(SYS_NAME)
+!INCLUDE ..\..\..\src\config\NTMakefile.version
+
+!IFNDEF CYGWIN
+CYGWIN = c:/cygwin
+!ENDIF
+!IFNDEF DOCBOOK_XSL
+DOCBOOK_XSL = $(CYGWIN)/usr/share/docbook-xsl
+!ENDIF
+XSLTPROC = xsltproc.exe
+HTML_XSL = $(DOCBOOK_XSL)/html/chunk.xsl
+HTML_PARMS = --param navig.graphics 1 --stringparam navig.graphics.path ../
+CHM_XSL = $(DOCBOOK_XSL)/htmlhelp/htmlhelp.xsl
+
+XMLSRCS = \
+ auagd000.xml \
+ auagd005.xml \
+ auagd006.xml \
+ auagd007.xml \
+ auagd008.xml \
+ auagd009.xml \
+ auagd010.xml \
+ auagd011.xml \
+ auagd012.xml \
+ auagd013.xml \
+ auagd014.xml \
+ auagd015.xml \
+ auagd016.xml \
+ auagd017.xml \
+ auagd018.xml \
+ auagd019.xml \
+ auagd020.xml \
+ auagd021.xml \
+ auagd022.xml \
+ auagd023.xml \
+ auagd024.xml \
+ auagd025.xml \
+ auagd026.xml
+
+index.html: $(XMLSRCS)
+ @echo Building OpenAFS Administrator Guide in HTML format
+ $(XSLTPROC) $(HTML_PARMS) $(HTML_XSL) auagd000.xml
+
+htmlhelp.chm: $(XMLSRCS)
+ @echo Building OpenAFS Administrator Guide in HTML Help format
+ $(XSLTPROC) $(CHM_XSL) auagd000.xml
+ -hhc.exe htmlhelp.hhp
+ $(DEL) *.html
+ $(DEL) *.hh?
+ $(DEL) *.chw
+
+install: htmlhelp.chm index.html
+
+clean::
+ $(DEL) *.html
+ $(DEL) htmlhelp.chm
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing the NFS/AFS Translator</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing Administrative Privilege"
-HREF="c32432.html"><LINK
-REL="NEXT"
-TITLE="Using AFS Commands"
-HREF="a33826.html"></HEAD
-><BODY
-CLASS="appendix"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c32432.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="a33826.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="appendix"
-><H1
-><A
-NAME="HDRWQ595"
-></A
->Appendix A. Managing the NFS/AFS Translator</H1
-><P
->The NFS(R)/AFS(R) Translator enables users working on NFS client machines to access, create and remove files stored in AFS.
- This chapter assumes familiarity with both NFS and AFS.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ596"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN33058"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Mount directory on translator machine</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Enable/disable reexport of AFS, set other parameters</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs exportafs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Assign AFS tokens to user on NFS client machine</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ598"
->Overview</A
-></H1
-><P
->The NFS/AFS Translator enables users on NFS client machines to access the AFS filespace as if they are working on an AFS
- client machine, which facilitates collaboration with other AFS users.</P
-><P
->An <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->NFS/AFS translator machine</I
-></SPAN
-> (or simply <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->ltranslator machine</I
-></SPAN
->) is a machine
- configured as both an AFS client and an NFS server: <UL
-><LI
-><P
->Its AFS client functionality enables it to access the AFS filespace. The Cache Manager requests and caches files
- from AFS file server machines, and can even maintain tokens for NFS users, if you have made the configuration changes that
- enable NFS users to authenticate with AFS.</P
-></LI
-><LI
-><P
->Its NFS server functionality makes it possible for the translator machine to export the AFS filespace to NFS client
- machines. When a user on an NFS client machine mounts the translator machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- directory (or one of its subdirectories, if that feature is enabled), access to AFS is immediate and transparent. The NFS
- client machine does not need to run any AFS software.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ599"
->Enabling Unauthenticated or Authenticated AFS Access</A
-></H2
-><P
->By configuring the translation environment appropriately, you can provide either unauthenticated or authenticated access
- to AFS from NFS client machines. The sections of this chapter on configuring translator machines, NFS client machines, and AFS
- user accounts explain how to configure the translation environment appropriately. <UL
-><LI
-><P
->If you configure the environment for unauthenticated access, the AFS File Server considers the NFS users to be the
- user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->. They can access only those AFS files and directories for which the
- access control list (ACL) extends the required permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group.
- They can issue only those AFS commands that do not require privilege, and then only if their NFS client machine is a
- system type for which AFS binaries are available and accessible by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
->
- group. Such users presumably do not have AFS accounts.</P
-></LI
-><LI
-><P
->If you configure the environment for authenticated access, you must create entries in the AFS Authentication and
- Protection Databases for the NFS users. The authentication procedure they use depends on whether the NFS client machine
- is a supported system type (one for which AFS binaries are available): <UL
-><LI
-><P
->If AFS binaries are available for the NFS client machine, NFS users can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command on the NFS client machine. They can access the filespace and issue AFS
- commands to the same extent as authenticated users working on AFS client machines.</P
-></LI
-><LI
-><P
->If AFS binaries are not available for the NFS client machine, NFS users must establish a connection with the
- translator machine (using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> utility, for example) and then issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> commands on the translator machine
- to make its Cache Manager use the tokens correctly while users work on the NFS client. They can access the AFS
- filespace as authenticated users, but cannot issue AFS commands. For instructions, see <A
-HREF="a33047.html#HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
->.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
-></H2
-><P
->If you wish to enable your NFS users to issue AFS commands, you must define the AFSSERVER and AFSCONF environment
- variables in their command shell. This section explains the variables' function and outlines the various methods for setting
- them.</P
-><P
->Issuing AFS commands also requires that the NFS client machine is a supported system type (one for which AFS binaries
- are available and accessible). Users working on NFS client machines of unsupported system types can access AFS as
- authenticated users, but they cannot issue AFS commands. It is not necessary to define the AFSSERVER and AFSCONF variables for
- such users. For instructions on using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command to obtain authenticated access on
- unsupported system types, see <A
-HREF="a33047.html#HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
->. </P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ601"
->The AFSSERVER Variable</A
-></H3
-><P
->The AFSSERVER variable designates the AFS client machine that performs two functions for NFS clients: <UL
-><LI
-><P
->It acts as the NFS client's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->remote executor</I
-></SPAN
-> by executing AFS-specific system calls on its
- behalf, such as those invoked by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- commands and by many commands in the AFS suites.</P
-></LI
-><LI
-><P
->Its stores the tokens that NFS users obtain when they authenticate with AFS. This implies that the remote
- executor machine and the translator machine must be the same if the user needs authenticated access to AFS.</P
-></LI
-></UL
-></P
-><P
->The choice of remote executor most directly affects commands that display or change Cache Manager configuration, such
- as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcacheparms</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcellstatus</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> commands. When issued on an NFS client, these commands affect the Cache Manager on the
- designated remote executor machine. (Note, however, that several such commands require the issuer to be logged into the
- remote executor's local file system as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. The ability of NFS client
- users to log in as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> is controlled by NFS, not by the NFS/AFS Translator, so setting the
- remote executor properly does not necessarily enable users on the NFS client to issue such commands.)</P
-><P
->The choice of remote executor is also relevant for AFS commands that do not concern Cache Manager configuration but
- rather have the same result on every machine, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands that display or set
- ACLs and volume quota. These commands take an AFS path as one of their arguments. If the Cache Manager on the remote
- executor machine mounts the AFS filespace at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory, as is conventional for AFS
- clients, then the pathname specified on the NFS client must begin with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> for
- the Cache Manager to understand it. This implies that the remote executor must be the NFS client's primary translator
- machine (the one whose <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory is mounted at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- on the NFS client). </P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_672"
->The AFSCONF Variable</A
-></H3
-><P
->The AFSCONF environment variable names the directory that houses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> files to use when running AFS commands issued on the NFS client machine. As on
- an AFS client, these files determine the default cell for command execution.</P
-><P
->For predictable performance, it is best that the files in the directory named by the AFSCONF variable match those in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on the translator machine. If your cell has an AFS directory
- that serves as the central update source for files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory, it is
- simplest to set the AFSCONF variable to refer to it. In the conventional configuration, this directory is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/etc</B
-></SPAN
->.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_673"
->Setting Values for the Variables</A
-></H3
-><P
->To learn the values of the AFSSERVER and AFSCONF variables, AFS command interpreters consult the following three
- sources in sequence: <OL
-TYPE="1"
-><LI
-><P
->The current command shell's environment variable definitions</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSSERVER</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSCONF</B
-></SPAN
-> file in the
- issuer's home directory</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSSERVER</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSCONF</B
-></SPAN
-> file in the NFS
- client machine's root (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->/</I
-></SPAN
->) directory. If the client machine is diskless, its root directory can
- reside on an NFS server machine.</P
-></LI
-></OL
-></P
-><P
->(Actually, before consulting these sources, the NFS client looks for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
->
- and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> files in its own <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory. If
- the directory exists, the NFS client does not use the value of the AFSCONF variable. However, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory usually exists only on AFS clients, not NFS clients.)</P
-><P
->As previously detailed, correct performance generally requires that the remote executor machine be the NFS client's
- primary translator machine (the one whose <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory is mounted at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory on the NFS client). The requirement holds for all users accessing AFS from the NFS
- client, so it is usually simplest to create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSSERVER</B
-></SPAN
-> file in the NFS client's root
- directory. The main reason to create the file in a user's home directory or to set the AFSSERVER environment variable in the
- current command shell is that the user needs to switch to a different translator machine, perhaps because the original one
- has become inaccessible.</P
-><P
->Similarly, it generally makes sense to create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSCONF</B
-></SPAN
-> file in the NFS client's
- root directory. Creating it in the user's home directory or setting the AFSCONF environment variable in the current command
- shell is useful mostly when there is a reason to specify a different set of database server machines for the cell, perhaps
- in a testing situation.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
-></H2
-><P
->When an application running on an AFS client machine issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
-> system call on a file, the Cache Manager by default performs a synchronous write of the data to
- the File Server. (For further discussion, see <A
-HREF="c667.html#HDRWQ33"
->AFS Implements Save on Close</A
-> and <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->.)</P
-><P
->To avoid degrading performance for the AFS users working on a translator machine, AFS does not perform synchronous
- writes for applications running on the translator machine's NFS clients. Instead, one of the Cache Manager daemons (the
- maintenance daemon) checks every 60 seconds for chunks in the cache that contain data saved on NFS clients, and writes their
- contents to the File Server. This does not guarantee that data saved on NFS clients is written to the File Server within 60
- seconds, but only that the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->maintenance daemon</I
-></SPAN
-> checks for and begins the write of data at that
- interval.</P
-><P
->Furthermore, AFS always ignores the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
-> system call as issued on an NFS client. The
- call requires an immediate and possibly time-consuming response from the File Server, which potentially causes delays for
- other AFS clients of the File Server. NFS version 3 automatically issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
-> system
- call directly after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> call, but the Cache Manager ignores it and handles the
- operation just like a regular <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
->.</P
-><P
->The delayed write mechanism means that there is usually a delay between the time when an NFS application issues the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
-> system call on a file and the time when the
- changes are recorded at the File Server, which is when they become visible to users working on other AFS client machines
- (either directly or on its NFS clients). The delay is likely to be longer than for files saved by users working directly on an
- AFS client machine.</P
-><P
->The exact amount of delay is difficult to predict. The NFS protocol itself allows a standard delay before saved data
- must be transferred from the NFS client to the NFS server (the translator machine). The modified data remains in the
- translator machine's AFS client cache until the maintenance daemon's next scheduled check for such data, and it takes
- additional time to transfer the data to the File Server. The maintenance daemon uses a single thread, so there can be
- additional delay if it takes more than 60 seconds to write out all of the modified NFS data. That is, if the maintenance
- daemon is still writing data at the time of the next scheduled check, it cannot notice any additional modified data until the
- scheduled time after it completes the long write operation.</P
-><P
->The Cache Manager's response to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-> system call is the same whether it is issued
- on an AFS client machine or on an NFS client of a translator machine: it records the modifications in the local AFS client
- cache only.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ603"
->Configuring NFS/AFS Translator Machines</A
-></H1
-><P
->To act as an NFS/AFS translator machine, a machine must configured as follows: <UL
-><LI
-><P
->It must be an AFS client. Many system types supported as AFS clients can be translator machines. To learn about
- possible restrictions in a specific release of AFS, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release Notes</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->It must be an NFS server. The appropriate number of NFS server daemons (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->nfsd</B
-></SPAN
-> and
- others) depends on the anticipated NFS client load.</P
-></LI
-><LI
-><P
->It must export the local directory on which the AFS filespace is mounted, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> by
- convention.</P
-></LI
-></UL
-></P
-><P
->If users on a translator machine's NFS clients are to issue AFS commands, the translator machine must also meet the
- requirements discussed in <A
-HREF="a33047.html#HDRRMTSYS"
->Configuring the Translator Machine to Accept AFS Commands</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_676"
->Loading NFS and AFS Kernel Extensions</A
-></H2
-><P
->The AFS distribution for system types that can act as NFS/AFS Translator machines usually includes two versions of the
- AFS kernel extensions file, one for machines where the kernel supports NFS server functionality, and one for machines not
- using NFS (the latter AFS kernel extensions file generally has the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->nonfs</B
-></SPAN
-> in its name).
- A translator machine must use the NFS-enabled version of the AFS extensions file. On some system types, you select the
- appropriate file by moving it to a certain location, whereas on other system types you set a variable that results in
- automatic selection of the correct file. See the instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> for
- incorporating AFS into the kernel on each system type.</P
-><P
->On many system types, NFS is included in the kernel by default, so it is not necessary to load NFS kernel extensions
- explicitly. On system types where you must load NFS extensions, then in general you must load them before loading the AFS
- kernel extensions. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> describes how to incorporate the AFS initialization
- script into a machine's startup sequence so that it is ordered correctly with respect to the script that handles NFS.</P
-><P
->In addition, the AFS extensions must be loaded into the kernel before the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command
- runs. The AFS initialization script included in the AFS distribution correctly orders the loading and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> commands.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRRMTSYS"
->Configuring the Translator Machine to Accept AFS Commands</A
-></H2
-><P
->For users working on a translator machine's NFS clients to issue AFS commands, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rmtsys</B
-></SPAN
-> flag must be included on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command which initializes
- the translator machine's Cache Manager. The flag starts an additional daemon (the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->remote executor</I
-></SPAN
->
- daemon), which executes AFS-specific system calls on behalf of NFS clients. For a discussion of the implications of NFS users
- issuing AFS commands, see <A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
->.</P
-><P
->The instructions in the IBM AFS Quick Beginnings for configuring the Cache Manager explain how to add options such as
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rmtsys</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command in the AFS
- initialization script. On many system types, it is simplest to list the flag on the line in the script that defines the
- OPTIONS variable. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->remote executor daemon</I
-></SPAN
-> does not consume many resources, so it is simplest to add it
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command on every translator machine, even if not all users on the machine's NFS
- clients issue AFS commands.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ604"
->Controlling Optional Translator Features</A
-></H2
-><P
->After an AFS client machine is configured as a translator machine, it by default exports the AFS filespace to NFS
- clients. You can disable and reenable translator functionality by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs exportafs</B
-></SPAN
->
- command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-start</B
-></SPAN
-> argument. The command's other arguments control other aspects of translator
- behavior. <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-convert</B
-></SPAN
-> argument controls whether the second and third (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->other</B
-></SPAN
->) sets of UNIX mode bits on an AFS file or
- directory being exported to NFS are set to match the first (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
->) mode bits. By
- default, the mode bits are set to match.</P
-><P
->Unlike AFS, NFS uses all three sets of mode bits when determining whether a user can read or write a file, even
- one stored in AFS. Some AFS files possibly do not have any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->other</B
-></SPAN
-> mode bits turned on, because AFS uses only the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-> bits
- in combination with the ACL on the file's directory. If only the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-> mode bits are
- set, NFS allows only the file's owner of the file to read or write it. Setting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-convert</B
-></SPAN
-> argument to the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
-> enables other users to access
- the file in the same manner as the owner. Setting the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
-> preserves the mode bits
- set on the file as stored in AFS.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uidcheck</B
-></SPAN
-> argument controls whether tokens can be assigned to an NFS user
- whose local UID on the NFS client machine differs from the local UID associated with the tokens on the translator
- machine. By default, this is possible.</P
-><P
->If you turn on UID checking by setting the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
->, then tokens can be assigned
- only to an NFS user whose local UID matches the local UID of the process on the translator machine that is assigning the
- tokens. One consequence is that there is no point in including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command: the only acceptable value is the local UID of the command's issuer, which
- is the value used when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument is omitted. Requiring matching UIDs in this way
- is effective only when users have the same local UID on the translator machine as on NFS client machines. In that case,
- it guarantees that users assign their tokens only to their own NFS sessions. For instructions, see <A
-HREF="a33047.html#HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Turning on UID checking also prevents users on supported NFS clients from using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate on the NFS client directly. They must authenticated and use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command on the translator machine instead. This is because after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command interpreter obtains the token on the NFS client, it passes it to the Cache
- Manager's remote executor daemon, which makes the system call that stores the token in a credential structure on the
- translator machine. The remote executor generally runs as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->,
- so in most cases its local UID (normally zero) does not match the local UID of the user who issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command on the NFS client machine.</P
-><P
->On the other hand, although using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command instead of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command is possibly less convenient for users, it eliminates a security exposure: the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command interpreter passes the token across the network to the remote executor
- daemon in clear text mode.</P
-></BLOCKQUOTE
-></DIV
-><P
->If you disable UID checking by assigning the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
-> , the issuer of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command can assign tokens to a user who has a different local UID on the NFS
- client machine, such as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. Indeed, more than one issuer of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command can assign tokens to the same user on the NFS client machine. Each time a
- different user issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command with the same value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument, that user's tokens overwrite the existing ones. This can result in unpredictable
- access for the NFS user.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-submounts</B
-></SPAN
-> argument controls whether users on the NFS client can mount AFS
- directories other than the top-level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. By default, the translator does
- not permit these submounts.</P
-><P
->Submounts can be useful in a couple of circumstances. If, for example, NFS users need to access their own AFS home
- directories only, then creating a submount to it eliminates the need for them to know or enter the complete path.
- Similarly, you can use a submount to prevent users from accessing parts of the filespace higher in the AFS hierarchy
- than the submount.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_679"
->To configure an NFS/AFS translator machine</A
-></H2
-><P
->The following instructions configure the translator to enable users to issue AFS commands. Omit Step <A
-HREF="a33047.html#LIWQ605"
->6</A
-> if you do not want to enable this functionality. <OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Configure the NFS/AFS translator machine as an NFS server, if it is not already. Follow the instructions provided
- by your NFS supplier. The appropriate number of NFS server daemons (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->nfsd</B
-></SPAN
->)
- depends on the number of potential NFS clients.</P
-></LI
-><LI
-><P
->Configure the NFS/AFS translator machine as an AFS client, if it is not already. For the most predictable
- performance, the translator machine's local copies of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> files must be the same as on other client machines in the
- cell.</P
-></LI
-><LI
-><P
-><A
-NAME="LITRANS-MOUNTFILE"
-></A
->Modify the file that controls mounting of directories on the machine by remote
- NFS clients. <UL
-><LI
-><P
->On systems that use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/exports</B
-></SPAN
-> file, edit it to enable export of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory to NFS clients. You can list the names of specific NFS client
- machines if you want to provide access only to certain users. For a description of the file's format, see the NFS
- manual page for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exports(5)</B
-></SPAN
->.</P
-><P
->The following example enables any NFS client machine to mount the machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr2</B
-></SPAN
->
- directories:</P
-><PRE
-CLASS="programlisting"
-> /afs
- /usr
- /usr2
-</PRE
-></LI
-><LI
-><P
->On system types that use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->share</B
-></SPAN
-> command, edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/dfs/dfstab</B
-></SPAN
-> file or equivalent to include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->share</B
-></SPAN
->
- instructions that enable remote mounts of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. Most distributions
- include the binary as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/sbin/share</B
-></SPAN
->. The following example commands enable
- remote mounts of the root ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
-> ) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- directories. To verify the correct syntax, consult the manual page for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->share</B
-></SPAN
->
- command. <PRE
-CLASS="programlisting"
-> share -F nfs -o rw -d "root" /
- share -F nfs -o rw -d "afs gateway" /afs
-</PRE
-></P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Edit the machine's AFS initialization file to invoke the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exportfs</B
-></SPAN
->
- command after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program runs. On some system types, the modifications you made
- in Step <A
-HREF="a33047.html#LITRANS-MOUNTFILE"
->4</A
-> are not enough to enable exporting the AFS filespace via the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory, because the resulting configuration changes are made before the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program runs during machine initialization. Only after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program runs does the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory become the mount point
- for the entire AFS filespace; before, it is a local directory like any other.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ605"
-></A
->Modify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command in the AFS initialization file to
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rmtsys</B
-></SPAN
-> flag.</P
-><P
->For system types other than IRIX, the instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> for
- configuring the Cache Manager explain how to add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rmtsys</B
-></SPAN
-> flag, for example by
- adding it to the line in the script that defines the value for the OPTIONS variable.</P
-><P
->On IRIX systems, the AFS initialization script automatically adds the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rmtsys</B
-></SPAN
->
- flag if you have activated the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsxnfs</B
-></SPAN
-> configuration variable as instructed in the
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> instructions for incorporating AFS extensions into the kernel. If the
- variable is not already activated, issue the following command.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/chkconfig -f afsxnfs on</B
-></SPAN
->
-</PRE
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Depending on the number of NFS clients you expect this machine to
- serve, it can be beneficial to add other arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command in the machine's
- initialization file, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-daemons</B
-></SPAN
-> argument to set the number of background
- daemons. See <A
-HREF="c21473.html"
->Administering Client Machines and the Cache Manager</A
-> and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->Reboot the machine. On many system types, the appropriate command is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->shutdown</B
-></SPAN
->;
- consult your operating system administrator's guide. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->shutdown</B
-></SPAN
-> appropriate_options
-</PRE
-></P
-></LI
-></OL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_680"
->To disable or enable Translator functionality, or set optional features</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs exportafs</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs exportafs nfs</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-start</B
-></SPAN
-> {<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->}} ] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-convert</B
-></SPAN
-> {<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->}]
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uidcheck</B
-></SPAN
-> {<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->}] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-submounts</B
-></SPAN
-> {<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->}]
-</PRE
-> <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-start</B
-></SPAN
-></DT
-><DD
-><P
->Disables translator functionality if the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
-> or reenables it if
- the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
->. Omit this argument to display the current setting of all
- parameters set by this command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-convert</B
-></SPAN
-></DT
-><DD
-><P
->Controls the setting of the second and third (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->other</B
-></SPAN
->) sets of UNIX mode bits on AFS files and directories as exported to NFS clients If
- the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
->, they are set to match the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
->
- mode bits. If the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->, the bits are not changed. If this argument is
- omitted, the default value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uidcheck</B
-></SPAN
-></DT
-><DD
-><P
->Controls whether issuers of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command can specify a value for its
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument that does not match their AFS UID: <UL
-><LI
-><P
->If the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
->, the value of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument must match the issuer's local UID.</P
-></LI
-><LI
-><P
->If the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->, the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument to assign
- tokens to a user who has a different local UID on the NFS client machine, such as the local superuser
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-><P
->If this argument is omitted, the default value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-submounts</B
-></SPAN
-></DT
-><DD
-><P
->Controls whether the translator services an NFS mount of any directory in the AFS filespace other than the
- top-level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. If the value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->on</B
-></SPAN
->,
- such submounts are allowed. If the value is off, only mounts of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- directory are allowed. If this argument is omitted, the default value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->off</B
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ606"
->Configuring NFS Client Machines</A
-></H1
-><P
->Any NFS client machine that meets the following requirements can access files in AFS via the NFS/AFS Translator. It does
- not need to be configured as an AFS client machine. <UL
-><LI
-><P
->It must NFS-mount a translator machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory on a local directory, which
- by convention is also called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->. The following instructions explain how to add the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount</B
-></SPAN
-> command to the NFS client machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/fstab</B
-></SPAN
->
- file or equivalent.</P
-><P
->The directory on which an NFS client mounts the translator's machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- directory can be called something other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->. For instance, to make it easy to
- switch to another translator machine if the original one becomes inaccessible, you can mount more than one translator
- machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. Name the mount <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> for the
- translator machine that you normally use, and use a different name the mount to each alternate translator machine.</P
-><P
->Mounting the AFS filespace on a directory other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> introduces another
- requirement, however: when issuing a command that takes an AFS pathname argument, you must specify the full pathname,
- starting with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->, rather than a relative pathname. Suppose, for example, that a
- translator machine's AFS filespace is mounted at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs2</B
-></SPAN
-> on an NFS client machine and you
- issue the following command to display the ACL on the current working directory, which is in AFS:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl .</B
-></SPAN
->
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter on the NFS client must construct a full pathname before
- passing the request to the Cache Manager on the translator machine. The AFS filespace is mounted at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs2</B
-></SPAN
->, so the full pathname starts with that string. However, the Cache Manager on the translator
- cannot find a directory called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs2</B
-></SPAN
->, because its mount of the AFS filespace is called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->. The command fails. To prevent the failure, provide the file's complete pathname,
- starting with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->It must run an appropriate number of NFS client <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->biod</B
-></SPAN
-> daemons, which improve
- performance by handling pre-reading and delayed writing. Most NFS vendors recommend running four such daemons, and most
- NFS initialization scripts start them automatically. Consult your NFS documentation.</P
-></LI
-></UL
-></P
-><P
->To enable users to issue AFS commands, the NFS client machine must also be a supported system type (one for which AFS
- binaries are available) and able to access the AFS command binaries. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release Notes</I
-></SPAN
-> list the
- supported system types in each release.</P
-><P
->In addition, the AFSSERVER and AFSCONF environment variables must be set appropriately, as discussed in <A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_682"
->To configure an NFS client machine to access AFS</A
-></H2
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The following instructions enable NFS users to issue AFS commands. Omit Step <A
-HREF="a33047.html#LIWQ608"
->5</A
-> and Step
- <A
-HREF="a33047.html#LIWQ609"
->6</A
-> if you do not want to enable this functionality.</P
-></BLOCKQUOTE
-></DIV
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Configure the machine as an NFS client machine, if it is not already. Follow the instructions provided by your NFS
- vendor. The number of NFS client (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->biod</B
-></SPAN
->) daemons needs to be appropriate for the expected
- load on this machine. The usual recommended number is four.</P
-></LI
-><LI
-><P
->Create a directory called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> on the machine, if one does not already exist, to
- act as the mount point for the translator machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. It is acceptable to
- use other names, but doing so introduces the limitation discussed in the introduction to this section. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkdir /afs</B
-></SPAN
->
-</PRE
-> </P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ607"
-></A
->Modify the machine's file systems registry file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/fstab</B
-></SPAN
->
- or equivalent) to include a command that mounts a translator machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. To
- verify the correct syntax of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount</B
-></SPAN
-> command, see the operating system's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount(5)</B
-></SPAN
-> manual page. The following example includes options that are appropriate on many system
- types. <PRE
-CLASS="programlisting"
-> mount -o hard,intr,timeo=300 translator_machine:/afs /afs
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->hard</SAMP
-></DT
-><DD
-><P
->Indicates that the NFS client retries NFS requests until the NFS server (translator machine) responds. When
- using the translator, file operations possibly take longer than with NFS alone, because they must also pass
- through the AFS Cache Manager. With a soft mount, a delayed response from the translator machine can cause the
- request to abort. Many NFS versions use hard mounts by default; if your version does not, it is best to add this
- option.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->intr</SAMP
-></DT
-><DD
-><P
->Enables the user to use a keyboard interrupt signal (such as <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->>) to break the mount when the translator machine is inaccessible. Include this
- option only if the <SAMP
-CLASS="computeroutput"
->hard</SAMP
-> option is used, in which case the connection does not
- automatically break off when a translator machine goes down.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->timeo</SAMP
-></DT
-><DD
-><P
->Sets the maximum time (in tenths of seconds) the translator can take to respond to the NFS client's request
- before the client considers the request timed out. With a hard mount, setting this option to a high number like
- 300 reduces the number of error messages like the following, which are generated when the translator does not
- respond immediately. <PRE
-CLASS="programlisting"
-> NFS server translator is not responding, still trying
-</PRE
-></P
-><P
->With a soft mount, it reduces the number of actual errors returned on timed-out requests.</P
-></DD
-><DT
-><VAR
-CLASS="replaceable"
->translator_machine</VAR
-></DT
-><DD
-><P
->Specifies the fully-qualified hostname of the translator machine whose <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- directory is to be mounted on the client machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory.</P
-></DD
-></DL
-></DIV
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->To mount the translator machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory onto a directory on the NFS
- client other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->, substitute the alternate directory name for the second instance
- of <SAMP
-CLASS="computeroutput"
->/afs</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ608"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If appropriate, create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSSERVER</B
-></SPAN
-> file to set the AFSSERVER environment variable for all of the machine's users. For a
- discussion, see <A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
->. Place a single
- line in the file, specifying the fully-qualified hostname of the translator machine that is to serve as the remote
- executor. To enable users to issue commands that handle tokens, it must be the machine named as translator_machine in Step
- <A
-HREF="a33047.html#LIWQ607"
->4</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ609"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If appropriate, create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSCONF</B
-></SPAN
-> file to set the AFSCONF environment variable for all of the machine's users. For a
- discussion, see <A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
->. Place a single
- line in the file, specifying the name of the directory where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> files reside. If you use a central update source for these files (by convention, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/etc</B
-></SPAN
->), name it here.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ610"
->Configuring User Accounts</A
-></H1
-><P
->There are no requirements for NFS users to access AFS as unauthenticated users. To take advantage of more AFS
- functionality, however, they must meet the indicated requirements. <UL
-><LI
-><P
->To access AFS as authenticated users, they must of course authenticate with AFS, which requires an entry in the
- Protection and Authentication Databases.</P
-></LI
-><LI
-><P
->To create and store files, they need the required ACL permissions. If you are providing a home directory for storage
- of personal files, it is conventional to create a dedicated volume and mount it at the user's home directory location in
- the AFS filespace.</P
-></LI
-><LI
-><P
->To issue AFS commands, they must meet several additional requirements: <UL
-><LI
-><P
->They must be working on an NFS client machine of a supported system type and from which the AFS command
- binaries are accessible.</P
-></LI
-><LI
-><P
->Their command shell must define values for the AFSSERVER and AFSCONF environment variables, as described in
- <A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
->. It is often simplest to
- define the variables by creating <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSSERVER</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSCONF</B
-></SPAN
-> file in the NFS client machine's root directory, but you can also either set the
- variables in each user's shell initialization file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.cshrc</B
-></SPAN
-> or equivalent), or
- create files called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSSERVER</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSCONF</B
-></SPAN
-> in
- each user's home directory.</P
-></LI
-><LI
-><P
->They must have an entry in the AFS Protection and Authentication Databases, so that they can authenticate if
- the command requires AFS privilege. Other commands instead require assuming the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> identity on the translator machine; for further discussion, see <A
-HREF="a33047.html#HDRWQ601"
->The AFSSERVER Variable</A
->.</P
-></LI
-><LI
-><P
->Their PATH environment variable must include the pathname to the appropriate AFS binaries. If a user works on
- NFS client machines of different system types, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable in the
- pathname rather than an actual system type name.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_684"
->To configure a user account for issuing AFS commands</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Create entries for the user in the Protection and Authentication Databases, or create a complete AFS account. See
- the instructions for account creation in <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command
- Suite</A
-> or <A
-HREF="c27596.html"
->Administering User Accounts</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ611"
-></A
->Modify the user's PATH environment variable to include the pathname of AFS binaries, such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->sysname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/bin</B
-></SPAN
->. If the user works on NFS client machines of different system types, considering
- replacing the specific sysname value with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable. The PATH variable is
- commonly defined in a login or shell initialization file (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.cshrc</B
-></SPAN
-> file).</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Set the AFSSERVER and AFSCONF environment variables if appropriate. This
- is required if the NFS client machines on which the user works do not have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSSERVER</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.AFSCONF</B
-></SPAN
-> files in their root directories, or if
- you want user-specific values to override those settings.</P
-><P
->Either define the variables in the user's login or shell initialization file, or create the files <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSSERVER</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.AFSCONF</B
-></SPAN
-> files in the user's home directory.</P
-><P
->For the AFSSERVER variable, specify the fully-qualified hostname of the translator machine that is to serve as the
- remote executor. For the AFSCONF variable, specify the name of the directory where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> files reside. If you use a central update
- source for these files (by convention, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/etc</B
-></SPAN
->), name it here.</P
-></LI
-><LI
-><P
->If the pathname you defined in Step <A
-HREF="a33047.html#LIWQ611"
->2</A
-> includes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable, instruct users to check that their system name is defined correctly before they
- issue AFS commands. They issue the following command: <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command enables users to authenticate with AFS when they are working on NFS
- clients of unsupported system types (those for which AFS binaries are not available). This enables such users to access the AFS
- file tree to the same extent as any other AFS user. They cannot, however, issue AFS commands, which is possible only on NFS
- client machines of supported system types.</P
-><P
->To authenticate on an unsupported system type, establish a connection to the translator machine (using a facility such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
->), and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to obtain tokens for all
- the cells you wish to contact during the upcoming NFS session. Then issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command,
- which stores the tokens in a credential structure associated with your NFS session. The Cache Manager uses the tokens when
- performing AFS access requests that originate from your NFS session.</P
-><P
->More specifically, the credential structure is identified by a process authentication group (PAG) number associated with a
- particular local UID on a specific NFS client machine. By default, the NFS UID recorded in the credential structure is the same
- as your local UID on the translator machine. You can include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument to specify an
- alternate NFS UID, unless the translator machine's administrator has used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs exportafs</B
-></SPAN
->
- command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uidcheck</B
-></SPAN
-> argument to enable UID checking. In that case, the value of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument must match your local UID on the translator machine (so there is not point to including the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument). Enforcing matching UIDs prevents someone else from placing their tokens in your
- credential structure, either accidentally or on purpose. However, it means that your cell's administrators must set your local
- UID on the NFS client to match your local UID on the translator machine. It also makes it impossible to authenticate by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command on supported NFS clients, meaning that all NFS users must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command. See <A
-HREF="a33047.html#HDRWQ604"
->Controlling Optional Translator Features</A
->.</P
-><P
->After issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command, you can begin working on the NFS client with
- authenticated access to AFS. When you are finished working, it is a good policy to destroy your tokens by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command on the translator machine again, this time with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-unlog</B
-></SPAN
->
- flag. This is simpler if you have left the connection to the translator machine open, but you can always establish a new
- connection if you closed the original one.</P
-><P
->If your NFS client machine is a supported system type and you wish to issue AFS commands on it, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command. The remote executor daemon on the
- translator machine substitutes its value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable in pathnames when executing AFS
- commands that you issue on the NFS client machine. If your PATH environment variable uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable in the pathnames for directories that house AFS binaries (as recommended), then setting
- this argument enables the remote executor daemon to access the AFS binaries appropriate for your NFS client machine even if its
- system type differs from the translator machine's.</P
-><P
->If you do not issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command (or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- command on the NFS client machine itself, if it is a supported system type), then you are not authenticated with AFS. For a
- description of unauthenticated access, see <A
-HREF="a33047.html#HDRWQ599"
->Enabling Unauthenticated or Authenticated AFS Access</A
->.
- </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_686"
->To authenticate using the knfs command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Log on to the relevant translator machine, either on the console or remotely by using a program such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Obtain tokens for every cell you wish to access while working on the NFS client. AFS-modified login utilities
- acquire a token for the translator machine's local cell by default; use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to
- obtain tokens for other cells if desired.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command to create a credential structure in the translator machine's
- kernel memory for storing the tokens obtained in the previous step. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
->
- argument to associate the structure with a UID on the NFS client that differs from your local UID on the translator
- machine. This is possible unless the translator machine's administrator has enabled UID checking on the translator
- machine; see <A
-HREF="a33047.html#HDRWQ604"
->Controlling Optional Translator Features</A
->. If the NFS client machine is a
- supported system type and you wish to issue AFS commands on it, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
->
- argument to specify its system type. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs -host</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user ID (decimal)</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host's '@sys' value</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the fully-qualified hostname of the NFS client machine on which you are working.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a local UID number on the NFS client machine with which to associate the tokens, if different from
- your local UID on the translator machine. If this argument is omitted, the tokens are associated with an NFS UID
- that matches your local UID on the translator machine. In both cases, the NFS client software marks your AFS
- access requests with the NFS UID when it forwards them to the Cache Manager on the translator machine.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the value that the local machine's remote executor daemon substitutes for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable in pathnames when executing AFS commands issued on the NFS client machine
- (which must be a supported system type).</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following error message indicates that the translator machine's administrator has enabled UID checking and you
- have provided a value that differs from your local UID on the translator machine.</P
-><PRE
-CLASS="programlisting"
-> knfs: Translator in 'passwd sync' mode; remote uid must be the same as local uid
-</PRE
-></LI
-><LI
-><P
->Close the connection to the translator machine (if desired) and work on the NFS client machine.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_687"
->To display tokens using the knfs command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Log on to the relevant translator machine, either on the console or remotely by using a program such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-tokens</B
-></SPAN
-> flag to
- display the tokens associated with either the NFS UID that matches your local UID on the translator machine or the NFS UID
- specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs -host</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user ID (decimal)</VAR
->>] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-tokens</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the fully-qualified hostname of the NFS client machine on which you are working.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the local UID on the NFS client machine for which to display tokens, if different from your local
- UID on the translator machine. If this argument is omitted, the tokens are for the NFS UID that matches your local
- UID on the translator machine.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-tokens</B
-></SPAN
-></DT
-><DD
-><P
->Displays the tokens.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Close the connection to the translator machine if desired.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_688"
->To discard tokens using the knfs command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->If you closed your connection to the translator machine after issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
->
- command, reopen it.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-unlog</B
-></SPAN
-> flag.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs -host</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user ID (decimal)</VAR
->>] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-unlog</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the fully-qualified hostname of the NFS client machine you are working on.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the local UID number on the NFS client machine for which to discard the associated tokens, if
- different from your local UID on the translator machine. If this argument is omitted, the tokens associated with
- an NFS UID that matches your local UID on the translator machine are discarded.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-unlog</B
-></SPAN
-></DT
-><DD
-><P
->Discards the tokens.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If desired, close the connection to the translator machine.</P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c32432.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="a33826.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing Administrative Privilege</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Using AFS Commands</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Using AFS Commands</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing the NFS/AFS Translator"
-HREF="a33047.html"><LINK
-REL="NEXT"
-TITLE="The afsmonitor Program Statistics"
-HREF="a34149.html"></HEAD
-><BODY
-CLASS="appendix"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="a33047.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="a34149.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="appendix"
-><H1
-><A
-NAME="HDRCOMMANDS"
-></A
->Appendix B. Using AFS Commands</H1
-><P
->This section describes the components of AFS commands and how to make entering commands more efficient by using shortened
- forms. It has the following sections: <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-><A
-HREF="a33826.html#HDRWQ613"
->AFS Command Syntax</A
-></TD
-></TR
-><TR
-><TD
-><A
-HREF="a33826.html#HDRWQ614"
->Rules for Entering AFS Commands</A
-></TD
-></TR
-><TR
-><TD
-><A
-HREF="a33826.html#HDRWQ615"
->Rules for Using Abbreviations and Aliases</A
-></TD
-></TR
-><TR
-><TD
-><A
-HREF="a33826.html#HDRWQ616"
->Displaying Online Help for AFS Commands</A
-></TD
-></TR
-></TBODY
-></TABLE
-></P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ613"
->AFS Command Syntax</A
-></H1
-><P
->AFS commands that belong to suites have the following structure:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command_suite operation_code</B
-></SPAN
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-switch</B
-></SPAN
-> <VAR
-CLASS="replaceable"
-><value></VAR
->[+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-flag</B
-></SPAN
->]
-</PRE
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_691"
->Command Names</A
-></H2
-><P
->Together, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command_suite</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->operation_code</B
-></SPAN
-> make up
- the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->command name</I
-></SPAN
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command_suite</B
-></SPAN
-> specifies the group of related commands to which the command belongs,
- and indicates which command interpreter and server process perform the command. AFS has several command suites, including
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
->. Some of these suites have an interactive mode in which
- the issuer omits the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command_suite</B
-></SPAN
-> portion of the command name.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->operation_code</B
-></SPAN
-> tells the command interpreter and server process which action to
- perform. Most command suites include several operation codes. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->
- describes each operation code in detail, and the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Guide</I
-></SPAN
-> describes how to use them
- in the context of performing administrative tasks.</P
-><P
->Several AFS commands do not belong to a suite and so their names do not have a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command_suite</B
-></SPAN
-> portion. Their structure is otherwise similar to the commands in the suites.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_692"
->Options</A
-></H2
-><P
->The term <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->option</I
-></SPAN
-> refers to both arguments and flags, which are described in the following
- sections.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_693"
->Arguments</A
-></H2
-><P
->One or more arguments can follow the command name. Arguments specify the entities on which to act while performing the
- command (for example, which server machine, server process, or file). To minimize the potential for error, provide a command's
- arguments in the order prescribed in its syntax definition.</P
-><P
->Each argument has two parts, which appear in the indicated order: <UL
-><LI
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->switch</I
-></SPAN
-> specifies the argument's type and is preceded by a hyphen ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
-> ). For instance, the switch <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> usually indicates that the
- argument names a server machine. Switches can often be omitted, subject to the rules outlined in <A
-HREF="a33826.html#HDRNOSWITCH"
->Conditions for Omitting Switches</A
->.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->value</I
-></SPAN
-> names a particular entity of the type specified by the preceding switch. For
- example, the proper value for a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> switch is a server machine name like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs3.abc.com</B
-></SPAN
->. Unlike switches (which have a required form), values vary depending on what the
- issuer wants to accomplish. Values appear surrounded by angle brackets (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->< ></B
-></SPAN
->) in
- command descriptions and the online help to show that they are user-supplied variable information.</P
-></LI
-></UL
-></P
-><P
->Some arguments accept multiple values, as indicated by trailing plus sign ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->+</B
-></SPAN
-> ) in the
- command descriptions and online help. How many of a command's arguments take multiple values, and their ordering with respect
- to other arguments, determine when it is acceptable to omit switches. See <A
-HREF="a33826.html#HDRNOSWITCH"
->Conditions for Omitting
- Switches</A
->.</P
-><P
->Some commands have optional as well as required arguments; the command descriptions and online help show optional
- arguments in square brackets ([ ]).</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_694"
->Flags</A
-></H2
-><P
->Some commands have one or more flags, which specify the manner in which the command interpreter and server process
- perform the command, or what kind of output it produces. Flags are preceded by hyphens like switches, but they take no values.
- Although the command descriptions and online help generally list a command's flags after its arguments, there is no prescribed
- order for flags. They can appear anywhere on the command line following the operation code, except in between the parts of an
- argument. Flags are always optional.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRCOMMAND-EX"
->An Example Command</A
-></H2
-><P
->The following example illustrates the different parts of a command that belongs to an AFS command suite.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getdate -server fs1.abc.com -file ptserver kaserver</B
-></SPAN
->
-</PRE
-><P
->where <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> is the command suite. The BOS Server executes most of the commands in this
- suite.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getdate</B
-></SPAN
-> is the operation code. It tells the BOS Server on the specified server
- machine (in this case <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->) to report the modification dates of binary files in
- the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server fs1.abc.com</B
-></SPAN
-> is one argument, with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> as the switch and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
-> as the value. This
- argument specifies the server machine on which BOS Server is to collect and report binary dates.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file ptserver kaserver</B
-></SPAN
-> is an argument that takes multiple values. The switch is
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> and the values are <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ptserver</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
->. This argument tells the BOS Server to report the modification dates on the files
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/kaserver</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/ptserver</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ614"
->Rules for Entering AFS Commands</A
-></H2
-><P
->Enter each AFS command on a single line (press <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
-> only at the end of the
- command). Some commands in this document appear broken across multiple lines, but that is for legibility only.</P
-><P
->Use a space to separate each element on a command line from its neighbors. Spaces rather than commas also separate
- multiple values of an argument.</P
-><P
->In many cases, the issuer of a command can reduce the amount of typing necessary by using one or both of the following
- methods: <UL
-><LI
-><P
->Omitting switches</P
-></LI
-><LI
-><P
->Using accepted abbreviations for operation codes, switches (if they are included at all), and some types of
- values</P
-></LI
-></UL
-></P
-><P
->The following sections explain the conditions for omitting or shortening parts of the command line. It is always
- acceptable to type a command in full, with all of its switches and no abbreviations.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRNOSWITCH"
->Conditions for Omitting Switches</A
-></H3
-><P
->It is always acceptable to type the switch part of an argument, but in many cases it is not necessary. Specifically,
- switches can be omitted if the following conditions are met. <UL
-><LI
-><P
->All of the command's required arguments appear in the order prescribed by the syntax statement</P
-></LI
-><LI
-><P
->No switch is provided for any argument</P
-></LI
-><LI
-><P
->There is only one value for each argument (but note the important exception discussed in the following
- paragraph)</P
-></LI
-></UL
-></P
-><P
->Omitting switches is possible only because there is a prescribed order for each command's arguments. When the issuer
- does not include switches, the command interpreter relies instead on the order of arguments; it assumes that the first
- element after the operation code is the command's first argument, the next element is the command's second argument, and so
- on. The important exception is when a command's final required argument accepts multiple values. In this case, the command
- interpreter assumes that the issuer has correctly provided one value for each argument up through the final one, so any
- additional values at the end belong to the final argument.</P
-><P
->The following list describes the rules for omitting switches from the opposite perspective: an argument's switch must
- be provided when any of the following conditions apply. <UL
-><LI
-><P
->The command's arguments do not appear in the prescribed order</P
-></LI
-><LI
-><P
->An optional argument is omitted but a subsequent optional argument is provided</P
-></LI
-><LI
-><P
->A switch is provided for a preceding argument</P
-></LI
-><LI
-><P
->More than one value is supplied for a preceding argument (which must take multiple values, of course); without a
- switch on the current argument, the command interpreter assumes that the current argument is another value for the
- preceding argument</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_698"
->An Example of Omitting Switches</A
-></H3
-><P
->Consider again the example command from <A
-HREF="a33826.html#HDRCOMMAND-EX"
->An Example Command</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getdate -server fs1.abc.com -file ptserver kaserver</B
-></SPAN
->
-</PRE
-><P
->This command has two required arguments: the server machine name (identified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> switch) and binary file name (identified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
->
- switch). The second argument accepts multiple values. By complying with all three conditions, the issuer can omit the
- switches:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getdate fs1.abc.com ptserver kaserver</B
-></SPAN
->
-</PRE
-><P
->Because there are no switches, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> command interpreter relies on the order of
- arguments. It assumes that the first element following the operation code, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->, is
- the server machine name, and that the next argument, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ptserver</B
-></SPAN
->, is a binary file name. Then,
- because the command's second (and last) argument accepts multiple values, the command interpreter correctly interprets
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
-> as an additional value for it.</P
-><P
->On the other hand, the following is not acceptable because it violates the first two conditions in <A
-HREF="a33826.html#HDRNOSWITCH"
->Conditions for Omitting Switches</A
->: even though there is only one value per argument, the
- arguments do not appear in the prescribed order, and a switch is provided for one argument but not the other.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getdate ptserver -server fs1.abc.com</B
-></SPAN
->
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ615"
->Rules for Using Abbreviations and Aliases</A
-></H2
-><P
->This section explains how to abbreviate operation codes, option names, server machine names, partition names, and cell
- names. It is not possible to abbreviate other types of values.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_700"
->Abbreviating Operation Codes</A
-></H3
-><P
->It is acceptable to abbreviate an operation code to the shortest form that still distinguishes it from the other
- operation codes in its suite.</P
-><P
->For example, it is acceptable to shorten <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos install</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- i</B
-></SPAN
-> because there are no other operation codes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> command suite that begin
- with the letter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->. In contrast, there are several <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
->
- operation codes that start with the letter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
->, so the abbreviations must be longer to remain
- unambiguous: <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos sa</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos seta</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setauth</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setc</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setcellname</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setr</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setrestart</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos sh</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startu</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stat</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos sto</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></P
-><P
->In addition to abbreviations, some operation codes have an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->alias</I
-></SPAN
->, a short form that is not
- derived by abbreviating the operation code to its shortest unambiguous form. For example, the alias for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa</B
-></SPAN
->, whereas the shortest unambiguous
- abbreviation is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs seta</B
-></SPAN
->.</P
-><P
->There are two usual reasons an operation code has an alias: <UL
-><LI
-><P
->Because the command is frequently issued, it is convenient to have a form shorter than the one derived by
- abbreviating. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command is an example.</P
-></LI
-><LI
-><P
->Because the command's name has changed, but users of previous versions of AFS know the former name. For example,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listhosts</B
-></SPAN
-> has the alias <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getcell</B
-></SPAN
->, its former
- name. It is acceptable to abbreviate aliases to their shortest unambiguous form (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getcell</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getc</B
-></SPAN
->).</P
-></LI
-></UL
-></P
-><P
->Even if an operation code has an alias, it is still acceptable to use the shortest unambiguous form. Thus, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command has three acceptable forms: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
->
- (the full form), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs seta</B
-></SPAN
-> (the shortest abbreviation), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- sa</B
-></SPAN
-> (the alias).</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_701"
->Abbreviating Switches and Flags</A
-></H3
-><P
->It is acceptable to shorten a switch or flag to the shortest form that distinguishes it from the other switches and
- flags for its operation code. It is often possible to omit switches entirely, subject to the conditions listed in <A
-HREF="a33826.html#HDRNOSWITCH"
->Conditions for Omitting Switches</A
->.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRFMSABBREV"
->Abbreviating Server Machine Names</A
-></H3
-><P
->AFS server machines must have fully-qualified Internet-style host names (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->), but it is not always necessary to type the full name on the command line. AFS commands
- accept unambiguous shortened forms, but depend on the cell's name service (such as the Domain Name Service) or a local host
- table to resolve a shortened name to the fully-qualified equivalent when the command is issued.</P
-><P
->Most commands also accept the dotted decimal form of the machine's IP address as an identifier.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRPARTABBREV"
->Abbreviating Partition Names</A
-></H3
-><P
->Partitions that house AFS volumes must have names of the form <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
-><VAR
-CLASS="replaceable"
->x</VAR
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
-><VAR
-CLASS="replaceable"
->xx</VAR
->, where the variable final portion is one or two lowercase
- letters. By convention, the first server partition created on a file server machine is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
->, the second <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepb</B
-></SPAN
->, and so on. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
-> explains how to configure and name a file server machine's partitions in preparation for storing AFS
- volumes on them.</P
-><P
->When issuing AFS commands, you can abbreviate a partition name using any of the following forms:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vicepa</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->
-<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepb</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vicepb</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->b</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
->
-</PRE
-><P
->After <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepz</B
-></SPAN
-> (for which the index is 25) comes</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepaa</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vicepaa</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->aa</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->26</B
-></SPAN
->
-<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepab</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vicepab</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ab</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->27</B
-></SPAN
->
-</PRE
-><P
->and so on through</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepiv</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vicepiv</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->iv</B
-></SPAN
-> = <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->255</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRCELLABBREV"
->Abbreviating Cell Names</A
-></H3
-><P
->A cell's full name usually matches its Internet domain name (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
-> for
- the State University or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> for ABC Corporation). Some AFS commands accept unambiguous
- shortened forms, usually with respect to the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB file</B
-></SPAN
-> but
- sometimes depending on the ability of the local name service to resolve the corresponding domain name.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ616"
->Displaying Online Help for AFS Commands</A
-></H2
-><P
->To display online help for AFS commands that belong to suites, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->apropos</B
-></SPAN
-> operation codes. A <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
-> flag is also available on
- every almost every AFS command.</P
-><P
->The online help entry for a command consists of two or three lines: <UL
-><LI
-><P
->The first line names the command and briefly describes what it does</P
-></LI
-><LI
-><P
->If the command has aliases, they appear on the next line</P
-></LI
-><LI
-><P
->The final line, which begins with the string <SAMP
-CLASS="computeroutput"
->Usage:</SAMP
->, lists the command's options
- in the prescribed order; online help entries use the same typographical symbols (brackets and so on) as this
- documentation.</P
-></LI
-></UL
-></P
-><P
->If no operation code is specified, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
-> operation code displays the first line
- (short description) for every operation code in the suite:</P
-><PRE
-CLASS="programlisting"
-> % <VAR
-CLASS="replaceable"
->command_suite</VAR
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
->
-</PRE
-><P
->If the issuer specifies one or more operation codes, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
-> operation code displays
- each command's complete online entry (short description, alias if any, and syntax):</P
-><PRE
-CLASS="programlisting"
-> % <VAR
-CLASS="replaceable"
->command_suite</VAR
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
-> <VAR
-CLASS="replaceable"
->operation_code</VAR
->+
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
-> flag displays a command's syntax but not the short description or
- alias:</P
-><PRE
-CLASS="programlisting"
-> % <VAR
-CLASS="replaceable"
->command_name</VAR
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
->
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->apropos</B
-></SPAN
-> operation code displays the short description of any command in a suite
- whose operation code or short description includes the specified keyword:</P
-><PRE
-CLASS="programlisting"
-> % <VAR
-CLASS="replaceable"
->command_suite</VAR
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->apropos</B
-></SPAN
-> <VAR
-CLASS="replaceable"
->"<help string>"</VAR
->
-</PRE
-><P
->The following example command displays the complete online help entry for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
->
- command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs help setacl</B
-></SPAN
->
- fs setacl: set access control list
- aliases: sa
- Usage: fs setacl -dir <<VAR
-CLASS="replaceable"
->directory</VAR
->>+ -acl <<VAR
-CLASS="replaceable"
->access list entries</VAR
->>+
- [-clear] [-negative] [-id] [-if] [-help]
-</PRE
-><P
->To see only the syntax statement, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
-> flag:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -help</B
-></SPAN
->
- Usage: fs setacl -dir <<VAR
-CLASS="replaceable"
->directory</VAR
->>+ -acl <<VAR
-CLASS="replaceable"
->access list entries</VAR
->>+
- [-clear] [-negative] [-id] [-if] [-help]
-</PRE
-><P
->In the following example, a user wants to display the quota for her home volume. She knows that the relevant command
- belongs to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> suite, but cannot remember the operation code. She uses <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quota</B
-></SPAN
-> as the keyword:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs apropos quota</B
-></SPAN
->
- listquota: list volume quota
- quota: show volume quota usage
- setquota: set volume quota
-</PRE
-><P
->The following illustrates the error message that results if no command name or short description contains the
- keyword:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs apropos "list quota"</B
-></SPAN
->
- Sorry, no commands found
-</PRE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="a33047.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="a34149.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing the NFS/AFS Translator</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->The afsmonitor Program Statistics</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->The afsmonitor Program Statistics</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Using AFS Commands"
-HREF="a33826.html"><LINK
-REL="NEXT"
-TITLE="AIX Audit Events"
-HREF="a35965.html"></HEAD
-><BODY
-CLASS="appendix"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="a33826.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="a35965.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="appendix"
-><H1
-><A
-NAME="HDRWQ617"
-></A
->Appendix C. The afsmonitor Program Statistics</H1
-><P
->This appendix lists the statistics you can gather with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program, grouping
- them by category and section, and briefly describing each field, group, and section. For instructions on using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program, see <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
-> </P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ618"
->The Cache Manager Statistics</A
-></H1
-><P
->Cache Manager statistics fields are classified into the following sections and groups: <UL
-><LI
-><P
->PerfStats_section - Performance Statistics Section. <UL
-><LI
-><P
->PerfStats_group - Performance Statistics Group.</P
-></LI
-><LI
-><P
->misc_group - Miscellaneous Group.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Server_UpDown_section - Server Up/Down Statistics Section. <UL
-><LI
-><P
->FS_upDown_SC_group - File Server Up/Down Statistics in Same Cell Group.</P
-></LI
-><LI
-><P
->FS_upDown_OC_group - File Server Up/Down Statistics in Other Cells Group.</P
-></LI
-><LI
-><P
->VL_upDown_SC_group - VL Server Up/Down Statistics in Same Cell Group.</P
-></LI
-><LI
-><P
->VL_upDown_OC_group - VL Server Up/Down Statistics in Other Cells Group.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->RPCop_section - RPC Operation Measurements Section. <UL
-><LI
-><P
->FS_RPCopTimes_group - File Server RPC Operation Timings Group.</P
-></LI
-><LI
-><P
->FS_RPCopErrors_group - File Server RPC Operation Errors Group.</P
-></LI
-><LI
-><P
->FS_RPCopBytes_group - File Server RPC Transfer Timings Group.</P
-></LI
-><LI
-><P
->CM_RPCopTimes_group - Cache Manager RPC Operation Timings Group.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Auth_Access_section - Authentication and Replicated File Access Section. <UL
-><LI
-><P
->Auth_Stats_group - Authentication Information for Cache Manager Group.</P
-></LI
-><LI
-><P
->Access_Stats_group - Unreplicated File Access Group.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-><P
->All Cache Manager variables categorized under these sections and groups names are listed below.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_708"
->Performance Statistics Section (PerfStats_section)</A
-></H2
-><P
->Performance Statistics Group (PerfStats_group) <UL
-><LI
-><P
->dlocalAccesses: Number of data accesses to files within local cell.</P
-></LI
-><LI
-><P
->vlocalAccesses: Number of stat accesses to files within local cell.</P
-></LI
-><LI
-><P
->dremoteAccesses: Number of data accesses to files outside of local cell.</P
-></LI
-><LI
-><P
->vremoteAccesses: Number of stat accesses to files outside of local cell.</P
-></LI
-><LI
-><P
->cacheNumEntries: Number of cache entries.</P
-></LI
-><LI
-><P
->cacheBlocksTotal: Number of (1K) blocks configured for cache.</P
-></LI
-><LI
-><P
->cacheBlocksInUse: Number of cache blocks actively in use.</P
-></LI
-><LI
-><P
->cacheBlocksOrig: Number of cache blocks at bootup.</P
-></LI
-><LI
-><P
->cacheMaxDirtyChunks: Maximum number of dirty cache chunks tolerated.</P
-></LI
-><LI
-><P
->cacheCurrDirtyChunks: Current number of dirty cache chunks.</P
-></LI
-><LI
-><P
->dcacheHits: Number of data files found in local cache.</P
-></LI
-><LI
-><P
->vcacheHits: Number of stat entries found in local cache.</P
-></LI
-><LI
-><P
->dcacheMisses: Number of data files <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->not</B
-></SPAN
-> found in local cache.</P
-></LI
-><LI
-><P
->vcacheMisses: Number of stat entries <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->not</B
-></SPAN
-> found in local cache.</P
-></LI
-><LI
-><P
->cacheFlushes: Number of files flushed from cache.</P
-></LI
-><LI
-><P
->cacheFilesReused: Number of cache files reused.</P
-></LI
-><LI
-><P
->dcacheXAllocs: Additionally allocated dcaches.</P
-></LI
-><LI
-><P
->vcacheXAllocs: Additionally allocated vcaches.</P
-></LI
-><LI
-><P
->bufAlloced: Number of buffers allocated by AFS.</P
-></LI
-><LI
-><P
->bufHits: Number of pages found on buffer cache.</P
-></LI
-><LI
-><P
->bufMisses: Number of pages <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->not</B
-></SPAN
-> found on buffer cache.</P
-></LI
-><LI
-><P
->bufFlushDirty: Number of cached dirty buffers flushed because all were busy.</P
-></LI
-><LI
-><P
->LargeBlocksActive: Number of currently used large free pool entries.</P
-></LI
-><LI
-><P
->LargeBlocksAlloced: Number of allocated large free pool entries.</P
-></LI
-><LI
-><P
->SmallBlocksActive: Number of currently used small free pool entries.</P
-></LI
-><LI
-><P
->SmallBlocksAlloced: Number of allocated used small free pool entries.</P
-></LI
-><LI
-><P
->OutStandingMemUsage: Amount of allocated memory.</P
-></LI
-><LI
-><P
->OutStandingAllocs: Outstanding osi_allocs (no osi_frees yet).</P
-></LI
-><LI
-><P
->CallBackAlloced: Number of callback structures allocated.</P
-></LI
-><LI
-><P
->CallBackFlushes: Number of callback flush operations performed.</P
-></LI
-><LI
-><P
->srvRecords: Number of servers currently on record.</P
-></LI
-><LI
-><P
->srvRecordsHWM: Server record high water mark.</P
-></LI
-><LI
-><P
->srvNumBuckets: Number of server hash chain buckets.</P
-></LI
-><LI
-><P
->srvMaxChainLength: Maximum server hash chain length.</P
-></LI
-><LI
-><P
->srvMaxChainLengthHWM: Server hash chain high water mark.</P
-></LI
-><LI
-><P
->sysName_ID: Sysname ID for host hardware.</P
-></LI
-></UL
-></P
-><P
->Miscellaneous Group (misc_group) <UL
-><LI
-><P
->numPerfCalls: Number of performance calls received.</P
-></LI
-><LI
-><P
->epoch: Cache Manager epoch time.</P
-></LI
-><LI
-><P
->numCellsVisible: Number of cells we know about.</P
-></LI
-><LI
-><P
->numCellsContacted: Number of cells contacted.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_709"
->Server Up/Down Statistics Section (Server_UpDown_section)</A
-></H2
-><P
->File Server Up/Down Statistics in Same Cell Group (FS_upDown_SC_group) <DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->records</I
-></SPAN
-> referred to in this section are the internal records kept by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program to track the processes from which data is being gathered.</P
-></BLOCKQUOTE
-></DIV
-> <UL
-><LI
-><P
->fs_sc_numTtlRecords: Number of fileserver records, active or inactive.</P
-></LI
-><LI
-><P
->fs_sc_numUpRecords: Number of (active) fileserver records currently marked up.</P
-></LI
-><LI
-><P
->fs_sc_numDownRecords: Number of (active) fileserver records currently marked down.</P
-></LI
-><LI
-><P
->fs_sc_sumOfRecordAges: Sum of fileserver record lifetimes.</P
-></LI
-><LI
-><P
->fs_sc_ageOfYoungestRecord: Age of youngest fileserver record.</P
-></LI
-><LI
-><P
->fs_sc_ageOfOldestRecord: Age of oldest fileserver record.</P
-></LI
-><LI
-><P
->fs_sc_numDowntimeIncidents: Number of (completed) downtime incidents.</P
-></LI
-><LI
-><P
->fs_sc_numRecordsNeverDown: Number of fileserver records never marked down.</P
-></LI
-><LI
-><P
->fs_sc_maxDowntimesInARecord: Maximum downtimes seen by any fileserver record.</P
-></LI
-><LI
-><P
->fs_sc_sumOfDowntimes: Sum of all (completed) downtimes, in seconds.</P
-></LI
-><LI
-><P
->fs_sc_shortestDowntime: Shortest downtime, in seconds.</P
-></LI
-><LI
-><P
->fs_sc_longestDowntime: Longest downtime, in seconds.</P
-></LI
-><LI
-><P
->fs_sc_down_0_10_min: Down time incidents: 0-10 minutes.</P
-></LI
-><LI
-><P
->fs_sc_down_10_30_min: Down time incidents: 10-30 minutes.</P
-></LI
-><LI
-><P
->fs_sc_down_half_1_hr: Down time incidents: 30-60 minutes.</P
-></LI
-><LI
-><P
->fs_sc_down_1_2_hr: Down time incidents: 1-2 hours.</P
-></LI
-><LI
-><P
->fs_sc_down_2_4_hr: Down time incidents: 2-4 hours.</P
-></LI
-><LI
-><P
->fs_sc_down_4_8_hr: Down time incidents: 4-8 hours.</P
-></LI
-><LI
-><P
->fs_sc_down_more_8_hr: Down time incidents: more than 8 hours.</P
-></LI
-><LI
-><P
->fs_sc_downDst_0: Down time incidents: 0 times.</P
-></LI
-><LI
-><P
->fs_sc_downDst_1: Down time incidents: 1 time.</P
-></LI
-><LI
-><P
->fs_sc_downDst_2_5: Down time incidents: 2-5 times.</P
-></LI
-><LI
-><P
->fs_sc_downDst_6_10: Down time incidents: 6-10 times.</P
-></LI
-><LI
-><P
->fs_sc_downDst_10_50: Down time incidents: 10-50 times.</P
-></LI
-><LI
-><P
->fs_sc_downDst_more_50: Down time incidents: more than 50 times.</P
-></LI
-></UL
-></P
-><P
->File Server Up/Down Statistics in Other Cells Group (FS_upDown_OC_group) <UL
-><LI
-><P
->fs_oc_numTtlRecords: Number of fileserver records, active or inactive.</P
-></LI
-><LI
-><P
->fs_oc_numUpRecords: Number of (active) fileserver records currently marked up.</P
-></LI
-><LI
-><P
->fs_oc_numDownRecords: Number of (active) fileserver records currently marked down.</P
-></LI
-><LI
-><P
->fs_oc_sumOfRecordAges: Sum of server record lifetimes.</P
-></LI
-><LI
-><P
->fs_oc_ageOfYoungestRecord: Age of youngest fileserver record.</P
-></LI
-><LI
-><P
->fs_oc_ageOfOldestRecord: Age of oldest fileserver record.</P
-></LI
-><LI
-><P
->fs_oc_numDowntimeIncidents: Number of (completed) downtime incidents.</P
-></LI
-><LI
-><P
->fs_oc_numRecordsNeverDown: Number of fileserver records never marked down.</P
-></LI
-><LI
-><P
->fs_oc_maxDowntimesInARecord: Maximum downtimes seen by any fileserver.</P
-></LI
-><LI
-><P
->fs_oc_sumOfDowntimes: Sum of all (completed) downtimes, in seconds.</P
-></LI
-><LI
-><P
->fs_oc_shortestDowntime: Shortest downtime, in seconds.</P
-></LI
-><LI
-><P
->fs_oc_longestDowntime: Longest downtime, in seconds.</P
-></LI
-><LI
-><P
->fs_oc_down_0_10_min: Down time incidents: 0-10 minutes.</P
-></LI
-><LI
-><P
->fs_oc_down_10_30_min: Down time incidents: 10-30 minutes.</P
-></LI
-><LI
-><P
->fs_oc_down_half_1_hr: Down time incidents: 30-60 minutes.</P
-></LI
-><LI
-><P
->fs_oc_down_1_2_hr: Down time incidents: 1-2 hours.</P
-></LI
-><LI
-><P
->fs_oc_down_2_4_hr: Down time incidents: 2-4 hours.</P
-></LI
-><LI
-><P
->fs_oc_down_4_8_hr: Down time incidents: 4-8 hours.</P
-></LI
-><LI
-><P
->fs_oc_down_more_8_hr: Down time incidents: more than 8 hours.</P
-></LI
-><LI
-><P
->fs_oc_downDst_0: Down time incidents: 0 times.</P
-></LI
-><LI
-><P
->fs_oc_downDst_1: Down time incidents: 1 time.</P
-></LI
-><LI
-><P
->fs_oc_downDst_2_5: Down time incidents: 2-5 times.</P
-></LI
-><LI
-><P
->fs_oc_downDst_6_10: Down time incidents: 6-10 times.</P
-></LI
-><LI
-><P
->fs_oc_downDst_10_50: Down time incidents: 10-50 times.</P
-></LI
-><LI
-><P
->fs_oc_downDst_more_50: Down time incidents: more than 50 times.</P
-></LI
-></UL
-></P
-><P
->VL Server Up/Down Statistics in Same Cell Group (VL_upDown_SC_group) <UL
-><LI
-><P
->vl_sc_numTtlRecords: Number of vlserver records, active or inactive.</P
-></LI
-><LI
-><P
->vl_sc_numUpRecords: Number of (active) vlserver records currently marked up.</P
-></LI
-><LI
-><P
->vl_sc_numDownRecords: Number of (active) vlserver records currently marked down.</P
-></LI
-><LI
-><P
->vl_sc_sumOfRecordAges: Sum of vlserver record lifetimes.</P
-></LI
-><LI
-><P
->vl_sc_ageOfYoungestRecord: Age of youngest vlserver record.</P
-></LI
-><LI
-><P
->vl_sc_ageOfOldestRecord: Age of oldest vlserver record.</P
-></LI
-><LI
-><P
->vl_sc_numDowntimeIncidents: Number of (completed) downtime incidents.</P
-></LI
-><LI
-><P
->vl_sc_numRecordsNeverDown: Number of vlserver records never marked down.</P
-></LI
-><LI
-><P
->vl_sc_maxDowntimesInARecord: Maximum downtimes seen by any vlserver record.</P
-></LI
-><LI
-><P
->vl_sc_sumOfDowntimes: Sum of all (completed) downtimes, in seconds.</P
-></LI
-><LI
-><P
->vl_sc_shortestDowntime: Shortest downtime, in seconds.</P
-></LI
-><LI
-><P
->vl_sc_longestDowntime: Longest downtime, in seconds.</P
-></LI
-><LI
-><P
->vl_sc_down_0_10_min: Down time incidents: 0-10 minutes.</P
-></LI
-><LI
-><P
->vl_sc_down_10_30_min: Down time incidents: 10-30 minutes.</P
-></LI
-><LI
-><P
->vl_sc_down_half_1_hr: Down time incidents: 30-60 minutes.</P
-></LI
-><LI
-><P
->vl_sc_down_1_2_hr: Down time incidents: 1-2 hours.</P
-></LI
-><LI
-><P
->vl_sc_down_2_4_hr: Down time incidents: 2-4 hours.</P
-></LI
-><LI
-><P
->vl_sc_down_4_8_hr: Down time incidents: 4-8 hours.</P
-></LI
-><LI
-><P
->vl_sc_down_more_8_hr: Down time incidents: more than 8 hours.</P
-></LI
-><LI
-><P
->vl_sc_downDst_0: Down time incidents: 0 times.</P
-></LI
-><LI
-><P
->vl_sc_downDst_1: Down time incidents: 1 time.</P
-></LI
-><LI
-><P
->vl_sc_downDst_2_5: Down time incidents: 2-5 times.</P
-></LI
-><LI
-><P
->vl_sc_downDst_6_10: Down time incidents: 6-10 times.</P
-></LI
-><LI
-><P
->vl_sc_downDst_10_50: Down time incidents: 10-50 times.</P
-></LI
-><LI
-><P
->vl_sc_downDst_more_50: Down time incidents: more than 50 times.</P
-></LI
-></UL
-></P
-><P
->VL Server Up/Down Statistics in Other Cells Group (VL_upDown_DC_group) <UL
-><LI
-><P
->vl_oc_numTtlRecords: Number of vlserver records, active or inactive.</P
-></LI
-><LI
-><P
->vl_oc_numUpRecords: Number of (active) vlserver records currently marked up.</P
-></LI
-><LI
-><P
->vl_oc_numDownRecords: Number of (active) vlserver records currently marked down.</P
-></LI
-><LI
-><P
->vl_oc_sumOfRecordAges: Sum of vlserver record lifetimes.</P
-></LI
-><LI
-><P
->vl_oc_ageOfYoungestRecord: Age of youngest vlserver record.</P
-></LI
-><LI
-><P
->vl_oc_ageOfOldestRecord: Age of oldest vlserver record.</P
-></LI
-><LI
-><P
->vl_oc_numDowntimeIncidents: Number of (completed) downtime incidents.</P
-></LI
-><LI
-><P
->vl_oc_numRecordsNeverDown: Number of vlserver records never marked down.</P
-></LI
-><LI
-><P
->vl_oc_maxDowntimesInARecord: Maximum downtimes seen by any vlserver record.</P
-></LI
-><LI
-><P
->vl_oc_sumOfDowntimes: Sum of all (completed) downtimes, in seconds.</P
-></LI
-><LI
-><P
->vl_oc_shortestDowntime: Shortest downtime, in seconds.</P
-></LI
-><LI
-><P
->vl_oc_longestDowntime: Longest downtime, in seconds.</P
-></LI
-><LI
-><P
->vl_oc_down_0_10_min: Down time incidents: 0-10 minutes.</P
-></LI
-><LI
-><P
->vl_oc_down_10_30_min: Down time incidents: 10-30 minutes.</P
-></LI
-><LI
-><P
->vl_oc_down_half_1_hr: Down time incidents: 30-60 minutes.</P
-></LI
-><LI
-><P
->vl_oc_down_1_2_hr: Down time incidents: 1-2 hours.</P
-></LI
-><LI
-><P
->vl_oc_down_2_4_hr: Down time incidents: 2-4 hours.</P
-></LI
-><LI
-><P
->vl_oc_down_4_8_hr: Down time incidents: 4-8 hours.</P
-></LI
-><LI
-><P
->vl_oc_down_more_8_hr: Down time incidents: more than 8 hours.</P
-></LI
-><LI
-><P
->vl_oc_downDst_0: Down time incidents: 0 times.</P
-></LI
-><LI
-><P
->vl_oc_downDst_1: Down time incidents: 1 time.</P
-></LI
-><LI
-><P
->vl_oc_downDst_2_5: Down time incidents: 2-5 times.</P
-></LI
-><LI
-><P
->vl_oc_downDst_6_10: Down time incidents: 6-10 times.</P
-></LI
-><LI
-><P
->vl_oc_downDst_10_50: Down time incidents: 10-50 times.</P
-></LI
-><LI
-><P
->vl_oc_downDst_more_50: Down time incidents: more than 50 times.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_710"
->RPC Operation Measurements Section (RPCop_section)</A
-></H2
-><P
->File Server RPC Operation Timings Group (FS_RPCopTimes_group) <UL
-><LI
-><P
->FetchData_ops: Number of FetchData operations executed.</P
-></LI
-><LI
-><P
->FetchData_ops_ok: Number of successful FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_sum: Sum of timings for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_sqr: Sum of squares of sample timings for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_min: Minimum execution time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_max: Maximum execution time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchACL_ops: Number of FetchACL operations executed.</P
-></LI
-><LI
-><P
->FetchACL_ops_ok: Number of successful FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_sum: Sum of timings for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_sqr: Sum of squares of sample timings for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_min: Minimum execution time observed for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_max: Maximum execution time observed for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchStatus_ops: Number of FetchStatus operations executed.</P
-></LI
-><LI
-><P
->FetchStatus_ops_ok: Number of successful FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_sum: Sum of timings for FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_sqr: Sum of squares of sample timings for FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_min: Minimum execution time observed for FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_max: Maximum execution time observed for FetchStatus operations.</P
-></LI
-><LI
-><P
->StoreData_ops: Number of StoreData operations executed.</P
-></LI
-><LI
-><P
->StoreData_ops_ok: Number of successful StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_sum: Sum of timings for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_sqr: Sum of squares of sample timings for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_min: Minimum execution time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_max: Maximum execution time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreACL_ops: Number of StoreACL operations executed.</P
-></LI
-><LI
-><P
->StoreACL_ops_ok: Number of successful StoreACL operation.</P
-></LI
-><LI
-><P
->StoreACL_sum: Sum of timings for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_sqr: Sum of squares of sample timings for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_min: Minimum execution time observed for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_max: Maximum execution time observed for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreStatus_ops: Number of StoreStatus operations executed.</P
-></LI
-><LI
-><P
->StoreStatus_ops_ok: Number of successful StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_sum: Sum of timings for StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_sqr: Sum of squares of sample timings for StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_min: Minimum execution time observed for StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_max: Maximum execution time observed for StoreStatus operations.</P
-></LI
-><LI
-><P
->RemoveFile_ops: Number of RemoveFile operations executed.</P
-></LI
-><LI
-><P
->RemoveFile_ops_ok: Number of successful RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_sum: Sum of timings for RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_sqr: Sum of squares of sample timings for RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_min: Minimum execution time observed for RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_max: Maximum execution time observed for RemoveFile operations.</P
-></LI
-><LI
-><P
->CreateFile_ops: Number of CreateFile operations executed.</P
-></LI
-><LI
-><P
->CreateFile_ops_ok: Number of successful CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_sum: Sum of timings for CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_sqr: Sum of squares of sample timings for CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_min: Minimum execution time observed for CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_max: Maximum execution time observed for CreateFile operations.</P
-></LI
-><LI
-><P
->Rename_ops: Number of Rename operations executed.</P
-></LI
-><LI
-><P
->Rename_ops_ok: Number of successful Rename operations.</P
-></LI
-><LI
-><P
->Rename_sum: Sum of timings for Rename operations.</P
-></LI
-><LI
-><P
->Rename_sqr: Sum of squares of sample timings for Rename operations.</P
-></LI
-><LI
-><P
->Rename_min: Minimum execution time observed for Rename operations.</P
-></LI
-><LI
-><P
->Rename_max: Maximum execution time observed for Rename operations.</P
-></LI
-><LI
-><P
->Symlink_ops: Number of Symlink operations executed.</P
-></LI
-><LI
-><P
->Symlink_ops_ok: Number of successful Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_sum: Sum of timings for Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_sqr: Sum of squares of sample timings for Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_min: Minimum execution time observed for Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_max: Maximum execution time observed for Symlink operations.</P
-></LI
-><LI
-><P
->Link_ops: Number of Link operations executed.</P
-></LI
-><LI
-><P
->Link_ops_ok: Number of successful Link operations.</P
-></LI
-><LI
-><P
->Link_sum: Sum of timings for Link operations.</P
-></LI
-><LI
-><P
->Link_sqr: Sum of squares of sample timings for Link operations.</P
-></LI
-><LI
-><P
->Link_min: Minimum execution time observed for Link operations.</P
-></LI
-><LI
-><P
->Link_max: Maximum execution time observed for Link operations.</P
-></LI
-><LI
-><P
->MakeDir_ops: Number of MakeDir operations executed.</P
-></LI
-><LI
-><P
->MakeDir_ops_ok: Number of successful MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_sum: Sum of timings for MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_sqr: Sum of squares of sample timings for MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_min: Minimum execution time observed for MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_max: Maximum execution time observed for MakeDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_ops: Number of RemoveDir operations executed.</P
-></LI
-><LI
-><P
->RemoveDir_ops_ok: Number of successful RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_sum: Sum of timings for RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_sqr: Sum of squares of sample timings for RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_min: Minimum execution time observed for RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_max: Maximum execution time observed for RemoveDir operations.</P
-></LI
-><LI
-><P
->SetLock_ops: Number of SetLock operations executed.</P
-></LI
-><LI
-><P
->SetLock_ops_ok: Number of successful SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_sum: Sum of timings for SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_sqr: Sum of squares of sample timings for SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_min: Minimum execution time observed for SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_max: Maximum execution time observed for SetLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_ops: Number of ExtendLock operations executed.</P
-></LI
-><LI
-><P
->ExtendLock_ops_ok: Number of successful ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_sum: Sum of timings for ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_sqr: Sum of squares of sample timings for ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_min: Minimum execution time observed for ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_max: Maximum execution time observed for ExtendLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_ops: Number of ReleaseLock operations executed.</P
-></LI
-><LI
-><P
->ReleaseLock_ops_ok: Number of successful ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_sum: Sum of timings for ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_sqr: Sum of squares of sample timings for StoreStatus operations.</P
-></LI
-><LI
-><P
->ReleaseLock_min: Minimum execution time observed for ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_max: Maximum execution time observed for ReleaseLock operations.</P
-></LI
-><LI
-><P
->GetStatistics_ops: Number of GetStatistics operations executed.</P
-></LI
-><LI
-><P
->GetStatistics_ops_ok: Number of successful GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_sum: Sum of timings for GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_sqr: Sum of squares of sample timings for GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_min: Minimum execution time observed for GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_max: Maximum execution time observed for GetStatistics operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_ops: Number of GiveUpCallbacks operations executed.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_ops_ok: Number of successful GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_sum: Sum of timings for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_sqr: Sum of squares of sample timings for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_min: Minimum execution time observed for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_max: Maximum execution time observed for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_ops: Number of GetVolumeInfo operations executed.</P
-></LI
-><LI
-><P
->GetVolumeInfo_ops_ok: Number of successful GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_sum: Sum of timings for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_sqr: Sum of squares of sample timings for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_min: Minimum execution time observed for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_max: Maximum execution time observed for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_ops: Number of GetVolumeStatus operations executed.</P
-></LI
-><LI
-><P
->GetVolumeStatus_ops_ok: Number of successful GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_sum: Sum of timings for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_sqr: Sum of squares of sample timings for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_min: Minimum execution time observed for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_max: Maximum execution time observed for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_ops: Number of SetVolumeStatus operations executed.</P
-></LI
-><LI
-><P
->SetVolumeStatus_ops_ok: Number of successful SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_sum: Sum of timings for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_sqr: Sum of squares of sample timings for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_min: Minimum execution time observed for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_max: Maximum execution time observed for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetRootVolume_ops: Number of GetRootVolume operations executed.</P
-></LI
-><LI
-><P
->GetRootVolume_ops_ok: Number of successful GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_sum: Sum of timings for GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_sqr: Sum of squares of sample timings for GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_min: Minimum execution time observed for GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_max: Maximum execution time observed for GetRootVolume operations.</P
-></LI
-><LI
-><P
->CheckToken_ops: Number of CheckToken operations executed.</P
-></LI
-><LI
-><P
->CheckToken_ops_ok: Number of successful CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_sum: Sum of timings for CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_sqr: Sum of squares of sample timings for CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_min: Minimum execution time observed for CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_max: Maximum execution time observed for CheckToken operations.</P
-></LI
-><LI
-><P
->GetTime_ops: Number of GetTime operations executed.</P
-></LI
-><LI
-><P
->GetTime_ops_ok: Number of successful GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_sum: Sum of timings for GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_sqr: Sum of squares of sample timings for GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_min: Minimum execution time observed for GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_max: Maximum execution time observed for GetTime operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_ops: Number of NGetVolumeInfo operations executed.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_ops_ok: Number of successful NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_sum: Sum of timings for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_sqr: Sum of squares of sample timings for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_min: Minimum execution time observed for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_max: Maximum execution time observed for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->BulkStatus_ops: Number of BulkStatus operations executed.</P
-></LI
-><LI
-><P
->BulkStatus_ops_ok: Number of successful BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_sum: Sum of timings for BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_sqr: Sum of squares of sample timings for BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_min: Minimum execution time observed for BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_max: Maximum execution time observed for BulkStatus operations.</P
-></LI
-><LI
-><P
->XStatsVersion_ops: Number of XStatsVersion operations executed.</P
-></LI
-><LI
-><P
->XStatsVersion_ops_ok: Number of successful XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_sum: Sum of timings for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_sqr: Sum of squares of sample timings for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_min: Minimum execution time observed for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_max: Maximum execution time observed for XStatsVersion operations.</P
-></LI
-><LI
-><P
->GetXStats_ops: Number of GetXStats operations executed.</P
-></LI
-><LI
-><P
->GetXStats_ops_ok: Number of successful GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_sum: Sum of timings for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXstats_sqr: Sum of squares of sample timings for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_min: Minimum execution time observed for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_max: Maximum execution time observed for GetXStats operations.</P
-></LI
-></UL
-></P
-><P
->File Server RPC Operation Errors Group (FS_RPCopErrors_group) <UL
-><LI
-><P
->FetchData_srv_err: Number of server-down errors during FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_net_err: Number of network errors during FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_prot_err_err: Number of protection violations during FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_vol_err: Number of volume related errors during FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_busy_err: Number of volume busy conditions during FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_other_err: Number of miscellaneous other errors during FetchData operations.</P
-></LI
-><LI
-><P
->FetchACL_srv_err: Number of server-down errors during FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_net_err: Number of network errors during FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_prot_err: Number of protection violations during FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_vol_err: Number of volume related errors during FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_busy_err: Number of volume busy conditions encountered during FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_other_err: Number of miscellaneous other errors during FetchACL operations.</P
-></LI
-><LI
-><P
->FetchStatus_srv_err: Number of server-down errors during FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_net_err: Number of network errors during FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_prot_err: Number of protection violations during FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_vol_err: Number of volume related errors during FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_busy_err: Number of volume busy conditions encountered during FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_other_err: Number of miscellaneous other errors during FetchStatus operations.</P
-></LI
-><LI
-><P
->StoreData_srv_err: Number of server-down errors during StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_net_err: Number of network errors during StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_prot_err: Number of protection violations during StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_vol_err: Number of volume related errors during StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_busy_err: Number of volume busy conditions encountered during StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_other_err: Number of miscellaneous other errors during StoreData operations.</P
-></LI
-><LI
-><P
->StoreACL_srv_err: Number of server-down errors during StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_net_err: Number of network errors during StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_prot_err: Number of protection violations during StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_vol_err: Number of volume related errors during StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_busy_err: Number of volume busy conditions encountered during StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_other_err: Number of miscellaneous other errors during StoreACL operations.</P
-></LI
-><LI
-><P
->StoreStatus_srv_err: Number of server-down errors during StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_net_err: Number of network errors during StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_prot_err: Number of protection violations during StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_vol_err: Number of volume related errors during StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_busy_err: Number of volume busy conditions encountered during StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_other_err: Number of miscellaneous other errors during StoreStatus operations.</P
-></LI
-><LI
-><P
->RemoveFile_srv_err: Number of server-down errors during RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_net_err: Number of network errors during RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_prot_err: Number of protection violations during RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_vol_err: Number of volume related errors during RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_busy_err: Number of volume busy conditions encountered during RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_other_err: Number of miscellaneous other errors during RemoveFile operations.</P
-></LI
-><LI
-><P
->CreateFile_srv_err: Number of server-down errors during CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_net_err: Number of network errors during CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_prot_err: Number of protection violations during CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_vol_err: Number of volume related errors during CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_busy_err: Number of volume busy conditions encountered during CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_other_err: Number of miscellaneous other errors during CreateFile operations.</P
-></LI
-><LI
-><P
->Rename_srv_err: Number of server-down errors during Rename operations.</P
-></LI
-><LI
-><P
->Rename_net_err: Number of network errors during Rename operations.</P
-></LI
-><LI
-><P
->Rename_prot_err: Number of protection violations during Rename operations.</P
-></LI
-><LI
-><P
->Rename_vol_err: Number of volume related errors during Rename operations.</P
-></LI
-><LI
-><P
->Rename_busy_err: Number of volume busy conditions encountered during Rename operations.</P
-></LI
-><LI
-><P
->Rename_other_err: Number of miscellaneous other errors during Rename operations.</P
-></LI
-><LI
-><P
->Symlink_srv_err: Number of server-down errors during Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_net_err: Number of network errors during Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_prot_err: Number of protection violations during Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_vol_err: Number of volume related errors during Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_busy_err: Number of volume busy conditions encountered during Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_other_err: Number of miscellaneous other errors during Symlink operations.</P
-></LI
-><LI
-><P
->Link_srv_err: Number of server-down errors during Link operations.</P
-></LI
-><LI
-><P
->Link_net_err: Number of network errors during Link operations.</P
-></LI
-><LI
-><P
->Link_prot_err: Number of protection violations during Link operations.</P
-></LI
-><LI
-><P
->Link_vol_err: Number of volume related errors during Link operations.</P
-></LI
-><LI
-><P
->Link_busy_err: Number of volume busy conditions encountered during Link operations.</P
-></LI
-><LI
-><P
->Link_other_err: Number of miscellaneous other errors during Link operations.</P
-></LI
-><LI
-><P
->MakeDir_srv_err: Number of server-down errors during MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_net_err: Number of network errors during MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_prot_err: Number of protection violations during MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_vol_err: Number of volume related errors during MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_busy_err: Number of volume busy conditions encountered during MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_other_err: Number of miscellaneous other errors during MakeDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_srv_err: Number of server-down errors during RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_net_err: Number of network errors during RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_prot_err: Number of protection violations during RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_vol_err: Number of volume related errors during RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_busy_err: Number of volume busy conditions encountered during RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_other_err: Number of miscellaneous other errors during RemoveDir operations.</P
-></LI
-><LI
-><P
->SetLock_srv_err: Number of server-down errors during SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_net_err: Number of network errors during SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_prot_err: Number of protection violations during SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_vol_err: Number of volume related errors during SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_busy_err: Number of volume busy conditions encountered during SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_other_err: Number of miscellaneous other errors during SetLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_srv_err: Number of server-down errors during ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_net_err: Number of network errors during ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_prot_err: Number of protection violations during ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_vol_err: Number of volume related errors during ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_busy_err: Number of volume busy conditions encountered during ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_other_err: Number of miscellaneous other errors during ExtendLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_srv_err: Number of server-down errors during ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_net_err: Number of network errors during ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_prot_err: Number of protection violations during ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_vol_err: Number of volume related errors during ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_busy_err: Number of volume busy conditions encountered during ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_other_err: Number of miscellaneous other errors during ReleaseLock operations.</P
-></LI
-><LI
-><P
->GetStatistics_srv_err: Number of server-down errors during GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_net_err: Number of network errors during GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_prot_err: Number of protection violations during GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_vol_err: Number of volume related errors during GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_busy_err: Number of volume busy conditions encountered during GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_other_err: Number of miscellaneous other errors during GetStatistics operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_srv_err: Number of server-down errors during GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_net_err: Number of network errors during GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_prot_err: Number of protection violations during GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_vol_err: Number of volume related errors during GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_busy_err: Number of volume busy conditions encountered during GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_other_err: Number of miscellaneous other errors during GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_srv_err: Number of server-down errors during GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_net_err: Number of network errors during GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_prot_err: Number of protection violations during GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_vol_err: Number of volume related errors during GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_busy_err: Number of volume busy conditions encountered during GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_other_err: Number of miscellaneous other errors during GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_srv_err: Number of server-down errors during GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_net_err: Number of network errors during GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_prot_err: Number of protection violations during GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_vol_err: Number of volume related errors during GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_busy_err: Number of volume busy conditions encountered during GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_other_err: Number of miscellaneous other errors during GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_srv_err : Number of server-down errors during SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_net_err: Number of network errors during SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_prot_err: Number of protection violations during SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_vol_err: Number of volume related errors during SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_busy_err: Number of volume busy conditions encountered during SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_other_err: Number of miscellaneous other errors during SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetRootVolume_srv_err: Number of server-down errors during GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_net_err: Number of network errors during GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_prot_err: Number of protection violations during GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_vol_err: Number of volume related errors during GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_busy_err: Number of volume busy conditions encountered during GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_other_err: Number of miscellaneous other errors during GetRootVolume operations.</P
-></LI
-><LI
-><P
->CheckToken_srv_err: Number of server-down errors during CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_net_err: Number of network errors during CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_prot_err: Number of protection violations during CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_vol_err: Number of volume related errors during CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_busy_err: Number of volume busy conditions encountered during CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_other_err: Number of miscellaneous other errors during CheckToken operations.</P
-></LI
-><LI
-><P
->GetTime_srv_err: Number of server-down errors during GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_net_err: Number of network errors during GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_prot_err: Number of protection violations during GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_vol_err: Number of volume related errors during GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_busy_err: Number of volume busy conditions encountered during GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_other_err: Number of miscellaneous other errors during GetTime operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_srv_err: Number of server-down errors during NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_net_err: Number of network errors during NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_prot_err: Number of protection violations during NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_vol_err: Number of volume related errors during NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_busy_err: Number of volume busy conditions encountered during NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_other_err: Number of miscellaneous other errors during NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->BulkStatus_srv_err: Number of server-down errors during BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_net_err: Number of network errors during BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_prot_err: Number of protection violations during BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_vol_err: Number of volume related errors during BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_busy_err: Number of volume busy conditions encountered during BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_other_err: Number of miscellaneous other errors during BulkStatus operations.</P
-></LI
-><LI
-><P
->XStatsVersion_srv_err: Number of server-down errors during XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_net_err: Number of network errors during XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_prot_err: Number of protection violations during XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_vol_err: Number of volume related errors during XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_busy_err: Number of volume busy conditions encountered during XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_other_err: Number of miscellaneous other errors during XStatsVersion operations.</P
-></LI
-><LI
-><P
->GetXStats_srv_err: Number of server-down errors during GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_net_err: Number of network errors during GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_prot_err: Number of protection violations during GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_vol_err: Number of volume related errors during GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_busy_err: Number of volume busy conditions encountered during GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_other_err: Number of miscellaneous other errors during GetXStats operations.</P
-></LI
-></UL
-></P
-><P
->File Server RPC Transfer Timings Group (FS_RPCopBytes_group) <UL
-><LI
-><P
->FetchData_xfers: Number of FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_ok: Number of successful FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_sum: Sum of timing values for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_sqr: Sum of squares of sample timings for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_min: Minimum transfer time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_max: Maximum transfer time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bytes_sum: Sum of bytes transferred for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bytes_min: Minimum byte transfer observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bytes_max: Maximum byte transfer observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket0: Tally in bucket0 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket1: Tally in bucket1 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket2: Tally in bucket2 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket3: Tally in bucket3 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket4: Tally in bucket4 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket5: Tally in bucket5 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket6: Tally in bucket6 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket7: Tally in bucket7 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket8: Tally in bucket8 for FetchData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers: Number of StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_ok: Number of successful StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_sum: Sum of timing values for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_sqr: Sum of squares of sample timings for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_min: Minimum transfer time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_max: Maximum transfer time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bytes_sum: Sum of bytes transferred for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bytes_min: Minimum byte transfer observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bytes_max: Maximum byte transfer observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket0: Tally in bucket0 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket1: Tally in bucket1 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket2: Tally in bucket2 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket3: Tally in bucket3 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket4: Tally in bucket4 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket5: Tally in bucket5 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket6: Tally in bucket6 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket7: Tally in bucket7 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket8: Tally in bucket8 for StoreData operations.</P
-></LI
-></UL
-></P
-><P
->Cache Manager RPC Operation Timings Group (CM_RPCopTimes_group) <UL
-><LI
-><P
->CallBack_ops: Number of CallBack operations executed.</P
-></LI
-><LI
-><P
->CallBack_ops_ok: Number of successful CallBack operations.</P
-></LI
-><LI
-><P
->CallBack_ops_sum: Sum of timings for CallBack operations.</P
-></LI
-><LI
-><P
->CallBack_ops_min: Minimum execution time observed for CallBack operations.</P
-></LI
-><LI
-><P
->CallBack_ops_max: Maximum execution time observed for CallBack operations.</P
-></LI
-><LI
-><P
->CallBack_ops_sqr: Sum of the square of CallBack operations executed.</P
-></LI
-><LI
-><P
->InitCallBackState_ops: Number of InitCallBackState operations executed.</P
-></LI
-><LI
-><P
->InitCallBackState_ops_ok: Number of successful InitCallBackState operations.</P
-></LI
-><LI
-><P
->InitCallBackState_ops_sum: Sum of timings for InitCallBackState operations.</P
-></LI
-><LI
-><P
->InitCallBackState_ops_min: Minimum execution time observed for InitCallBackState operations.</P
-></LI
-><LI
-><P
->InitCallBackState_ops_max: Maximum execution time observed for InitCallBackState operations.</P
-></LI
-><LI
-><P
->InitCallBackState_ops_sqr: Sum of squares of timings for InitCallBackState operations.</P
-></LI
-><LI
-><P
->Probe_ops: Number of Probe operations executed.</P
-></LI
-><LI
-><P
->Probe_ops_ok: Number of successful Probe operations.</P
-></LI
-><LI
-><P
->Probe_ops_sum: Sum of timings for Probe operations.</P
-></LI
-><LI
-><P
->Probe_ops_min: Minimum execution time observed for Probe operations.</P
-></LI
-><LI
-><P
->Probe_ops_max: Maximum execution time observed for Probe operations.</P
-></LI
-><LI
-><P
->Probe_ops_sqr: Sum of squares of timings for Probe operations.</P
-></LI
-><LI
-><P
->GetLock_ops: Number of GetLock operations executed.</P
-></LI
-><LI
-><P
->GetLock_ops_ok: Number of successful GetLock operations.</P
-></LI
-><LI
-><P
->GetLock_ops_sum: Sum of timings for GetLock operations.</P
-></LI
-><LI
-><P
->GetLock_ops_min: Minimum execution time observed for GetLock operations.</P
-></LI
-><LI
-><P
->GetLock_ops_max: Maximum execution time observed for GetLock operations.</P
-></LI
-><LI
-><P
->GetLock_ops_sqr: Sum of squares of timings for GetLock operations.</P
-></LI
-><LI
-><P
->GetCE_ops: Number of GetCE operations executed.</P
-></LI
-><LI
-><P
->GetCE_ops_ok: Number of successful GetCE operations.</P
-></LI
-><LI
-><P
->GetCE_ops_sum: Sum of timings for GetCE operations.</P
-></LI
-><LI
-><P
->GetCE_ops_min: Minimum execution time observed for GetCE operations.</P
-></LI
-><LI
-><P
->GetCE_ops_max: Maximum execution time observed for GetCE operations.</P
-></LI
-><LI
-><P
->GetCE_ops_sqr: Sum of squares of timings for GetCE operations.</P
-></LI
-><LI
-><P
->XStatsVersion_CM_ops: Number of XStatsVersion operations executed.</P
-></LI
-><LI
-><P
->XStatsVersion_CM_ops_ok: Number of successful XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_CM_ops_sum: Sum of timings for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_CM_ops_min: Minimum execution time observed for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_CM_ops_max: Maximum execution time observed for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_CM_ops_sqr: Sum of squares of timings for XStatsVersion operations.</P
-></LI
-><LI
-><P
->GetXStats_CM_ops: Number of GetXStats operations executed.</P
-></LI
-><LI
-><P
->GetXStats_CM_ops_ok: Number of successful GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_CM_ops_sum: Sum of timings for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_CM_ops_min: Minimum execution time observed for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_CM_ops_max: Maximum execution time observed for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_CM_ops_sqr: Sum of squares of timings for GetXStats operations.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_711"
->Authentication and Replicated File Access Section (Auth_Access_section)</A
-></H2
-><P
->Authentication Information for Cache Manager Group (Auth_Stats_group) <UL
-><LI
-><P
->curr_PAGs: Current number of PAGs.</P
-></LI
-><LI
-><P
->curr_Records: Current number of records in table.</P
-></LI
-><LI
-><P
->curr_AuthRecords: Current number of of authenticated records (with valid ticket).</P
-></LI
-><LI
-><P
->curr_UnauthRecords: Current number of of unauthenticated records (without any ticket at all).</P
-></LI
-><LI
-><P
->curr_MaxRecordsInPAG: Maximum records for a single PAG.</P
-></LI
-><LI
-><P
->curr_LongestChain: Length of longest current hash chain.</P
-></LI
-><LI
-><P
->PAGCreations: Number of PAG creations.</P
-></LI
-><LI
-><P
->TicketUpdates: Number of ticket additions/refreshes.</P
-></LI
-><LI
-><P
->HWM_PAGS: High water mark - number of PAGs.</P
-></LI
-><LI
-><P
->HWM_Records: High water mark - number of records.</P
-></LI
-><LI
-><P
->HWM_MaxRecordsInPAG: High water mark - maximum records for a single PAG.</P
-></LI
-><LI
-><P
->HWM_LongestChain: High water mark - longest hash chain.</P
-></LI
-></UL
-></P
-><P
->Unreplicated File Access Group (Access_Stats_group) <UL
-><LI
-><P
->unreplicatedRefs: Number of references to unreplicated data.</P
-></LI
-><LI
-><P
->replicatedRefs: Number of references to replicated data.</P
-></LI
-><LI
-><P
->numReplicasAccessed: Number of replicas accessed.</P
-></LI
-><LI
-><P
->maxReplicasPerRef: Maximum number of replicas accessed per reference.</P
-></LI
-><LI
-><P
->refFirstReplicaOK: Number of references satisfied by 1st replica.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ619"
->The File Server Statistics</A
-></H1
-><P
->File Server statistics are classified into the following sections and groups: <UL
-><LI
-><P
->PerfStats_section: Performance Statistics Section. <UL
-><LI
-><P
->VnodeCache_group: Vnode Cache Group.</P
-></LI
-><LI
-><P
->Directory_group: Directory Package Group.</P
-></LI
-><LI
-><P
->Rx_group: Rx Group.</P
-></LI
-><LI
-><P
->HostModule_group: Host Module Fields Group.</P
-></LI
-><LI
-><P
->misc_group: Miscellaneous Variables Group.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->RPCop_section: RPC Operations Section. <UL
-><LI
-><P
->RPCopTimes_group: Individual RPC Operation Timings.</P
-></LI
-><LI
-><P
->RPCopBytes_group: Byte Information for Certain RPC Operations.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-><P
->All File Server variables categorized under the above sections and groups names are listed below.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_713"
->Performance Statistics Section (PerfStats_section)</A
-></H2
-><P
->Vnode Cache Group (VnodeCache_group) <UL
-><LI
-><P
->vcache_L_Entries: Number of entries in LARGE vnode cache.</P
-></LI
-><LI
-><P
->vcache_L_Allocs: Number of allocs (large).</P
-></LI
-><LI
-><P
->vcache_L_Gets: Number of gets (large).</P
-></LI
-><LI
-><P
->vcache_L_Reads: Number of reads (large).</P
-></LI
-><LI
-><P
->vcache_L_Writes: Number of writes (large).</P
-></LI
-><LI
-><P
->vcache_S_Entries: Number of entries in SMALL vnode cache.</P
-></LI
-><LI
-><P
->vcache_S_Allocs: Number of allocs (small).</P
-></LI
-><LI
-><P
->vcache_S_Gets: Number of gets (small).</P
-></LI
-><LI
-><P
->vcache_S_Reads: Number of reads (small).</P
-></LI
-><LI
-><P
->vcache_S_Writes: Number of writes (small).</P
-></LI
-><LI
-><P
->vcache_H_Entries: Number of entries in HEADER vnode cache.</P
-></LI
-><LI
-><P
->vcache_H_Gets: Number of gets (header)</P
-></LI
-><LI
-><P
->vcache_H_Replacements: Number of replacements (header)</P
-></LI
-></UL
-></P
-><P
->Directory Package Group (Directory_group) <UL
-><LI
-><P
->dir_Buffers: Number of buffers in use.</P
-></LI
-><LI
-><P
->dir_Calls: Number of read calls made.</P
-></LI
-><LI
-><P
->dir_IOs: I/O operations performed.</P
-></LI
-></UL
-></P
-><P
->Rx Group (Rx_group) <UL
-><LI
-><P
->rx_packetRequests: Packet allocation requests.</P
-></LI
-><LI
-><P
->rx_noPackets_RcvClass: Failed packet requests (receive class).</P
-></LI
-><LI
-><P
->rx_noPackets_SendClass: Failed packet requests (send class).</P
-></LI
-><LI
-><P
->rx_noPackets_SpecialClass: Failed packet requests (special class).</P
-></LI
-><LI
-><P
->rx_socketGreedy: Did SO_GREEDY succeed?</P
-></LI
-><LI
-><P
->rx_bogusPacketOnRead: Short packets received.</P
-></LI
-><LI
-><P
->rx_bogusHost: Host address from bogus packets.</P
-></LI
-><LI
-><P
->rx_noPacketOnRead: Read packets with no packet there.</P
-></LI
-><LI
-><P
->rx_noPacketBuffersOnRead: Packets dropped due to buffer shortage.</P
-></LI
-><LI
-><P
->rx_selects: Selects waiting on packet or timeout.</P
-></LI
-><LI
-><P
->rx_sendSelects: Selects forced upon sends.</P
-></LI
-><LI
-><P
->rx_packetsRead_RcvClass: Packets read (receive class).</P
-></LI
-><LI
-><P
->rx_packetsRead_SendClass: Packets read (send class).</P
-></LI
-><LI
-><P
->rx_packetsRead_SpecialClass: Packets read (special class).</P
-></LI
-><LI
-><P
->rx_dataPacketsRead: Unique data packets read off wire.</P
-></LI
-><LI
-><P
->rx_ackPacketsRead: ACK packets read.</P
-></LI
-><LI
-><P
->rx_dupPacketsRead: Duplicate data packets read.</P
-></LI
-><LI
-><P
->rx_spuriousPacketsRead: Inappropriate packets read.</P
-></LI
-><LI
-><P
->rx_packetsSent_RcvClass: Packets sent (receive class).</P
-></LI
-><LI
-><P
->rx_packetsSent_SendClass: Packets sent (send class).</P
-></LI
-><LI
-><P
->rx_packetsSent_SpecialClass: Packets sent (special class).</P
-></LI
-><LI
-><P
->rx_ackPacketsSent: ACK packets sent.</P
-></LI
-><LI
-><P
->rx_pingPacketsSent: Ping packets sent.</P
-></LI
-><LI
-><P
->rx_abortPacketsSent: Abort packets sent.</P
-></LI
-><LI
-><P
->rx_busyPacketsSent: Busy packets sent.</P
-></LI
-><LI
-><P
->rx_dataPacketsSent: Unique data packets sent.</P
-></LI
-><LI
-><P
->rx_dataPacketsReSent: Retransmissions sent.</P
-></LI
-><LI
-><P
->rx_dataPacketsPushed: Retransmissions pushed by NACK.</P
-></LI
-><LI
-><P
->rx_ignoreAckedPacket: Packets with ACKed flag on rxi_Start.</P
-></LI
-><LI
-><P
->rx_totalRtt_Sec and rx_totalRtt_Usec: Total round trip time (in seconds and milliseconds).</P
-></LI
-><LI
-><P
->rx_minRtt_Sec and rx_minRtt_Usec: Minimum round trip time (in seconds and milliseconds).</P
-></LI
-><LI
-><P
->rx_maxRtt_Sec and rx_maxRtt_Usec: Maximum round trip time (in seconds and milliseconds).</P
-></LI
-><LI
-><P
->rx_nRttSamples: Round trip samples.</P
-></LI
-><LI
-><P
->rx_nServerConns: Total server connections.</P
-></LI
-><LI
-><P
->rx_nClientConns: Total client connections.</P
-></LI
-><LI
-><P
->rx_nPeerStructs: Total peer structures.</P
-></LI
-><LI
-><P
->rx_nCallStructs: Total call structures.</P
-></LI
-><LI
-><P
->rx_nFreeCallStructs: Total free call structures.</P
-></LI
-></UL
-></P
-><P
->Host Module Fields Group (HostModule_group) <UL
-><LI
-><P
->host_NumHostEntries: Number of host entries.</P
-></LI
-><LI
-><P
->host_HostBlocks: Blocks in use for hosts.</P
-></LI
-><LI
-><P
->host_NonDeletedHosts: Non-deleted hosts.</P
-></LI
-><LI
-><P
->host_HostsInSameNetOrSubnet: Hosts in same subnet as server.</P
-></LI
-><LI
-><P
->host_HostsInDiffSubnet: Hosts in different subnet than server.</P
-></LI
-><LI
-><P
->host_HostsInDiffNetwork: Hosts in different network than server.</P
-></LI
-><LI
-><P
->host_NumClients: Number of client entries.</P
-></LI
-><LI
-><P
->host_ClientBlocks: Blocks in use for clients.</P
-></LI
-></UL
-></P
-><P
->Miscellaneous Variables Group (misc_group) <UL
-><LI
-><P
->numPerfCalls: Number of performance calls received.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_714"
->RPC Operations Section (RPCop_section)</A
-></H2
-><P
->Individual RPC Operation Timings Group (RPCopTimes_group) <UL
-><LI
-><P
->epoch: Time when data collection began.</P
-></LI
-><LI
-><P
->FetchData_ops: Number of FetchData operations executed.</P
-></LI
-><LI
-><P
->FetchData_ops_ok: Number of successful FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_sum: Sum of timings for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_sqr: Sum of squares of sample timings for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_min: Minimum execution time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_max: Maximum execution time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchACL_ops: Number of FetchACL operations executed.</P
-></LI
-><LI
-><P
->FetchACL_ops_ok: Number of successful FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_sum: Sum of timings for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_sqr: Sum of squares of sample timings for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_min: Minimum execution time observed for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchACL_max: Maximum execution time observed for FetchACL operations.</P
-></LI
-><LI
-><P
->FetchStatus_ops: Number of FetchStatus operations executed.</P
-></LI
-><LI
-><P
->FetchStatus_ops_ok: Number of successful FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_sum: Sum of timings for FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_sqr: Sum of squares of sample timings for FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_min: Minimum execution time observed for FetchStatus operations.</P
-></LI
-><LI
-><P
->FetchStatus_max: Maximum execution time observed for FetchStatus operations.</P
-></LI
-><LI
-><P
->StoreData_ops: Number of StoreData operations executed.</P
-></LI
-><LI
-><P
->StoreData_ops_ok: Number of successful StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_sum: Sum of timings for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_sqr: Sum of squares of sample timings for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_min: Minimum execution time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_max: Maximum execution time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreACL_ops: Number of StoreACL operations executed.</P
-></LI
-><LI
-><P
->StoreACL_ops_ok: Number of successful StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_sum: Sum of timings for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_sqr: Sum of squares of sample timings for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_min: Minimum execution time observed for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreACL_max: Maximum execution time observed for StoreACL operations.</P
-></LI
-><LI
-><P
->StoreStatus_ops: Number of StoreStatus operations executed.</P
-></LI
-><LI
-><P
->StoreStatus_ops_ok: Number of successful StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_sum: Sum of timings for StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_sqr: Sum of squares of sample timings for StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_min: Minimum execution time observed for StoreStatus operations.</P
-></LI
-><LI
-><P
->StoreStatus_max: Maximum execution time observed for StoreStatus operations.</P
-></LI
-><LI
-><P
->RemoveFile_ops: Number of RemoveFile operations executed.</P
-></LI
-><LI
-><P
->RemoveFile_ops_ok: Number of successful RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_sum: Sum of timings for RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_sqr: Sum of squares of sample timings for RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_min: Minimum execution time observed for RemoveFile operations.</P
-></LI
-><LI
-><P
->RemoveFile_max: Maximum execution time observed for RemoveFile operations.</P
-></LI
-><LI
-><P
->CreateFile_ops: Number of CreateFile operations executed.</P
-></LI
-><LI
-><P
->CreateFile_ops_ok: Number of successful CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_sum: Sum of timings for CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_sqr: Sum of squares of sample timings for CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_min: Minimum execution time observed for CreateFile operations.</P
-></LI
-><LI
-><P
->CreateFile_max: Maximum execution time observed for CreateFile operations.</P
-></LI
-><LI
-><P
->Rename_ops: Number of Rename operations executed.</P
-></LI
-><LI
-><P
->Rename_ops_ok: Number of successful Rename operations.</P
-></LI
-><LI
-><P
->Rename_sum: Sum of timings for Rename operations.</P
-></LI
-><LI
-><P
->Rename_sqr: Sum of squares of sample timings for Rename operations.</P
-></LI
-><LI
-><P
->Rename_min: Minimum execution time observed for Rename operations.</P
-></LI
-><LI
-><P
->Rename_max: Maximum execution time observed for Rename operations.</P
-></LI
-><LI
-><P
->Symlink_ops: Number of Symlink operations executed.</P
-></LI
-><LI
-><P
->Symlink_ops_ok: Number of successful Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_sum: Sum of timings for Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_sqr: Sum of squares of sample timings for Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_min: Minimum execution time observed for Symlink operations.</P
-></LI
-><LI
-><P
->Symlink_max: Maximum execution time observed for Symlink operations.</P
-></LI
-><LI
-><P
->Link_ops: Number of Link operations executed.</P
-></LI
-><LI
-><P
->Link_ops_ok: Number of successful Link operations.</P
-></LI
-><LI
-><P
->Link_sum: Sum of timings for Link operations.</P
-></LI
-><LI
-><P
->Link_sqr: Sum of squares of sample timings for Link operations.</P
-></LI
-><LI
-><P
->Link_min: Minimum execution time observed for Link operations.</P
-></LI
-><LI
-><P
->Link_max: Maximum execution time observed for Link operations.</P
-></LI
-><LI
-><P
->MakeDir_ops: Number of MakeDir operations executed.</P
-></LI
-><LI
-><P
->MakeDir_ops_ok: Number of successful MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_sum: Sum of timings for MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_sqr: Sum of squares of sample timings for MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_min: Minimum execution time observed for MakeDir operations.</P
-></LI
-><LI
-><P
->MakeDir_max: Maximum execution time observed for MakeDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_ops: Number of RemoveDir operations executed.</P
-></LI
-><LI
-><P
->RemoveDir_ops_ok: Number of successful RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_sum: Sum of timings for RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_sqr: Sum of squares of sample timings for RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_min: Minimum execution time observed for RemoveDir operations.</P
-></LI
-><LI
-><P
->RemoveDir_max: Maximum execution time observed for RemoveDir operations.</P
-></LI
-><LI
-><P
->SetLock_ops: Number of SetLock operations executed.</P
-></LI
-><LI
-><P
->SetLock_ops_ok: Number of successful SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_sum: Sum of timings for SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_sqr: Sum of squares of sample timings for SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_min: Minimum execution time observed for SetLock operations.</P
-></LI
-><LI
-><P
->SetLock_max: Maximum execution time observed for SetLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_ops: Number of ExtendLock operations executed.</P
-></LI
-><LI
-><P
->ExtendLock_ops_ok: Number of successful ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_sum: Sum of timings for ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_sqr: Sum of squares of sample timings for ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_min: Minimum execution time observed for ExtendLock operations.</P
-></LI
-><LI
-><P
->ExtendLock_max: Maximum execution time observed for ExtendLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_ops: Number of ReleaseLock operations executed.</P
-></LI
-><LI
-><P
->ReleaseLock_ops_ok: Number of successful ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_sum: Sum of timings for ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_sqr: Sum of squares of sample timings for ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_min: Minimum execution time observed for ReleaseLock operations.</P
-></LI
-><LI
-><P
->ReleaseLock_max: Maximum execution time observed for ReleaseLock operations.</P
-></LI
-><LI
-><P
->GetStatistics_ops: Number of GetStatistics operations executed.</P
-></LI
-><LI
-><P
->GetStatistics_ops_ok: Number of successful GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_sum: Sum of timings for GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_sqr: Sum of squares of sample timings for GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_min: Minimum execution time observed for GetStatistics operations.</P
-></LI
-><LI
-><P
->GetStatistics_max: Maximum execution time observed for GetStatistics operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_ops: Number of GiveUpCallbacks operations executed.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_ops_ok: Number of successful GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_sum: Sum of timings for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_sqr: Sum of squares of sample timings for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_min: Minimum execution time observed for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GiveUpCallbacks_max: Maximum execution time observed for GiveUpCallbacks operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_ops: Number of GetVolumeInfo operations executed.</P
-></LI
-><LI
-><P
->GetVolumeInfo_ops_ok: Number of successful GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_sum: Sum of timings for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_sqr: Sum of squares of sample timings for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_min: Minimum execution time observed for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeInfo_max: Maximum execution time observed for GetVolumeInfo operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_ops: Number of GetVolumeStatus operations executed.</P
-></LI
-><LI
-><P
->GetVolumeStatus_ops_ok: Number of successful GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_sum: Sum of timings for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_sqr: Sum of squares of sample timings for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_min: Minimum execution time observed for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetVolumeStatus_max: Maximum execution time observed for GetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_ops: Number of SetVolumeStatus operations executed.</P
-></LI
-><LI
-><P
->SetVolumeStatus_ops_ok: Number of successful SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_sum: Sum of timings for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_sqr: Sum of squares of sample timings for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_min: Minimum execution time observed for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->SetVolumeStatus_max: Maximum execution time observed for SetVolumeStatus operations.</P
-></LI
-><LI
-><P
->GetRootVolume_ops: Number of GetRootVolume operations executed.</P
-></LI
-><LI
-><P
->GetRootVolume_ops_ok: Number of successful GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_sum: Sum of timings for GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_sqr: Sum of squares of sample timings for GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_min: Minimum execution time observed for GetRootVolume operations.</P
-></LI
-><LI
-><P
->GetRootVolume_max: Maximum execution time observed for GetRootVolume operations.</P
-></LI
-><LI
-><P
->CheckToken_ops: Number of CheckToken operations executed.</P
-></LI
-><LI
-><P
->CheckToken_ops_ok: Number of successful CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_sum: Sum of timings for CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_sqr: Sum of squares of sample timings for CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_min: Minimum execution time observed for CheckToken operations.</P
-></LI
-><LI
-><P
->CheckToken_max: Maximum execution time observed for CheckToken operations.</P
-></LI
-><LI
-><P
->GetTime_ops: Number of GetTime operations executed.</P
-></LI
-><LI
-><P
->GetTime_ops_ok: Number of successful GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_sum: Sum of timings for GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_sqr: Sum of squares of sample timings for GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_min: Minimum execution time observed for GetTime operations.</P
-></LI
-><LI
-><P
->GetTime_max: Maximum execution time observed for GetTime operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_ops: Number of NGetVolumeInfo operations executed.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_ops_ok: Number of successful NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_sum: Sum of timings for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_sqr: Sum of squares of sample timings for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_min: Minimum execution time observed for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->NGetVolumeInfo_max: Maximum execution time observed for NGetVolumeInfo operations.</P
-></LI
-><LI
-><P
->BulkStatus_ops: Number of BulkStatus operations executed.</P
-></LI
-><LI
-><P
->BulkStatus_ops_ok: Number of successful BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_sum: Sum of timings for BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_sqr: Sum of squares of sample timings for BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_min: Minimum execution time observed for BulkStatus operations.</P
-></LI
-><LI
-><P
->BulkStatus_max: Maximum execution time observed for BulkStatus operations.</P
-></LI
-><LI
-><P
->XStatsVersion_ops: Number of XStatsVersion operations executed.</P
-></LI
-><LI
-><P
->XStatsVersion_ops_ok: Number of successful XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_sum: Sum of timings for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_sqr: Sum of squares of sample timings for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_min: Minimum execution time observed for XStatsVersion operations.</P
-></LI
-><LI
-><P
->XStatsVersion_max: Maximum execution time observed for XStatsVersion operations.</P
-></LI
-><LI
-><P
->GetXStats_ops: Number of GetXStats operations executed.</P
-></LI
-><LI
-><P
->GetXStats_ops_ok: Number of successful GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_sum: Sum of timings for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_sqr: Sum of squares of sample timings for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_min: Minimum execution time observed for GetXStats operations.</P
-></LI
-><LI
-><P
->GetXStats_max: Maximum execution time observed for GetXStats operations.</P
-></LI
-></UL
-></P
-><P
->Byte Information for Certain RPC Operations Group (RPCopBytes_group) <UL
-><LI
-><P
->FetchData_xfers: Number of FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_ok: Number of successful FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_sum: Sum of timing values for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_sqr: Sum of squares of sample timings for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_min: Minimum transfer time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_max: Maximum transfer time observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bytes_sum: Sum of bytes transferred for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bytes_min: Minimum byte transfer observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bytes_max: Maximum byte transfer observed for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket0: Tally in bucket0 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket1: Tally in bucket1 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket2: Tally in bucket2 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket3: Tally in bucket3 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket4: Tally in bucket4 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket5: Tally in bucket5 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket6: Tally in bucket6 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket7: Tally in bucket7 for FetchData operations.</P
-></LI
-><LI
-><P
->FetchData_xfers_bucket8: Tally in bucket8 for FetchData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers: Number of StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_ok: Number of successful StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_sum: Sum of timing values for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_sqr: Sum of squares of sample timings for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_min: Minimum transfer time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_max: Maximum transfer time observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bytes_sum: Sum of bytes transferred for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bytes_min: Minimum byte transfer observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bytes_max: Maximum byte transfer observed for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket0: Tally in bucket0 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket1: Tally in bucket1 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket2: Tally in bucket2 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket3: Tally in bucket3 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket4: Tally in bucket4 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket5: Tally in bucket5 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket6: Tally in bucket6 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket7: Tally in bucket7 for StoreData operations.</P
-></LI
-><LI
-><P
->StoreData_xfers_bucket8: Tally in bucket8 for StoreData operations.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="a33826.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="a35965.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Using AFS Commands</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->AIX Audit Events</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->AIX Audit Events</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="The afsmonitor Program Statistics"
-HREF="a34149.html"><LINK
-REL="NEXT"
-TITLE="Index"
-HREF="i37012.html"></HEAD
-><BODY
-CLASS="appendix"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="a34149.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="i37012.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="appendix"
-><H1
-><A
-NAME="HDRWQ620"
-></A
->Appendix D. AIX Audit Events</H1
-><P
->This Appendix provides a complete listing of the AFS events that can be audited on AIX file server machines. See Chapter
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
-> for instructions on auditing AFS events on AIX file server
- machines. <A
-NAME="IDX8189"
-></A
-></P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ621"
->Introduction</A
-></H1
-><P
->Below is a list of the AFS events contained in the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/usr/local/audit/events.sample</B
-></SPAN
->. Each entry contains information on the event class, the name of the
- event, the parameters associated with the event, and a description of the event.</P
-><P
->Most events have an associated error code that shows the outcome of the event (since each event is recorded after it
- occurs), an AFSName (the authentication identify of the requesting process), and a host ID (from which the request originated).
- Many events follow the RPC server entry calls defined in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->AFS Programmer's Reference Manual</I
-></SPAN
->.</P
-><P
->Events are classed by functionality (this is AIX specific). Some events possibly fall into one of more of the following
- classes which are defined by the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/config.sample</B
-></SPAN
->: <UL
-><LI
-><P
->A (afsauthent): Authentication and Identification Events</P
-></LI
-><LI
-><P
->S (afssecurity): Security Events</P
-></LI
-><LI
-><P
->P (afsprivilege): Privilege Required Events</P
-></LI
-><LI
-><P
->O (afsobjects): Object Creation and Deletion Events</P
-></LI
-><LI
-><P
->M (afsattributes): Attribute modification</P
-></LI
-><LI
-><P
->C (afsprocess): Process Control Events</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ622"
->Audit-Specific Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN35993"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_Audit_WR</TD
-><TD
->None</TD
-><TD
-><string></TD
-><TD
->The file "/usr/afs/Audit" has been written to (AIX specific event).</TD
-></TR
-><TR
-><TD
->AFS_Aud_On</TD
-><TD
->S</TD
-><TD
->ECode</TD
-><TD
->Auditing is on for this server process (recorded on startup of a server).</TD
-></TR
-><TR
-><TD
->AFS_Aud_Off</TD
-><TD
->S</TD
-><TD
->ECode</TD
-><TD
->Auditing is off for this server process (recorded on startup of a server).</TD
-></TR
-><TR
-><TD
->AFS_Aud_Unauth</TD
-><TD
->S</TD
-><TD
->ECode Event</TD
-><TD
->Event triggered by an unauthorized user.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The following audit-specific events indicate an error has occurred while recording the event. Most events have an
- AFSName associated with them and a host ID. If this information cannot be gathered out of the Rx structure, one of these
- events is raised.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36028"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_Aud_NoCall</TD
-><TD
->S</TD
-><TD
->ECode Event</TD
-><TD
->No rx call structure with this event. Cannot get security, AFS ID, or origin of call.</TD
-></TR
-><TR
-><TD
->AFS_Aud_NoConn</TD
-><TD
->S</TD
-><TD
->ECode Event</TD
-><TD
->No connection info associated with rx call. Cannot get security, AFS ID, or origin of call.</TD
-></TR
-><TR
-><TD
->AFS_Aud_UnknSec</TD
-><TD
->S</TD
-><TD
->ECode Event</TD
-><TD
->Security of call is unknown (must be authorized or unauthorized caller).</TD
-></TR
-><TR
-><TD
->AFS_Aud_NoAFSId</TD
-><TD
->S</TD
-><TD
->ECode Event</TD
-><TD
->No AFS ID/name associated with a secure event.</TD
-></TR
-><TR
-><TD
->AFS_Aud_NoHost</TD
-><TD
->S</TD
-><TD
->ECode Event</TD
-><TD
->No information about origin (machine) of caller.</TD
-></TR
-><TR
-><TD
->AFS_Aud_EINVAL</TD
-><TD
->None</TD
-><TD
->Event</TD
-><TD
->Error in audit event parameter (can't record the event parameter).</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ627"
->Volume Server Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36073"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_VS_Start</TD
-><TD
->P C</TD
-><TD
->ECode</TD
-><TD
->The volume server has started.</TD
-></TR
-><TR
-><TD
->AFS_VS_Finish</TD
-><TD
->C</TD
-><TD
->ECode</TD
-><TD
->The volume server has finished. Finish events are rare since the server process is normally aborted.</TD
-></TR
-><TR
-><TD
->AFS_VS_Exit</TD
-><TD
->C</TD
-><TD
->ECode</TD
-><TD
->The volume server has exited. Exit events are rare since the server process is normally aborted.</TD
-></TR
-><TR
-><TD
->AFS_VS_TransCr</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Trans VolID</TD
-><TD
->AFSVolTransCreate - Create transaction for a [volume, partition]</TD
-></TR
-><TR
-><TD
->AFS_VS_EndTrn</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolEndTrans - End a transaction.</TD
-></TR
-><TR
-><TD
->AFS_VS_CrVol</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID Trans VolID VolName Type ParentID</TD
-><TD
->AFSVolCreateVolume - Create a volume (volumeId volumeName)</TD
-></TR
-><TR
-><TD
->AFS_VS_DelVol</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolDeleteVolume - Delete a volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_NukVol</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID VolID</TD
-><TD
->AFSVolNukeVolume - Obliterate a volume completely (volume ID).</TD
-></TR
-><TR
-><TD
->AFS_VS_Dump</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolDump - Dump the contents of a volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_SigRst</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID VolName</TD
-><TD
->AFSVolSignalRestore - Show intention to call AFSVolRestore.</TD
-></TR
-><TR
-><TD
->AFS_VS_Restore</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolRestore - Recreate a volume from a dump.</TD
-></TR
-><TR
-><TD
->AFS_VS_Forward</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID FromTrans Host DestTrans</TD
-><TD
->AFSVolForward - Dump a volume, then restore to a given server and volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_Clone</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID Trans Purge NewName NewType NewVolID</TD
-><TD
->AFSVolClone - Clone (and optionally purge) a volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_ReClone</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID Trans CloneVolID</TD
-><TD
->AFSVolReClone - Reclone a volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_SetForw</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID Trans NewHost</TD
-><TD
->AFSVolSetForwarding - Set forwarding information for a moved volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_GetFlgs</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolGetFlags - Get volume flags for a transaction.</TD
-></TR
-><TR
-><TD
->AFS_VS_SetFlgs</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID Trans Flags</TD
-><TD
->AFSVolSetFlags - Set volume flags for a transaction.</TD
-></TR
-><TR
-><TD
->AFS_VS_GetName</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolGetName - Get the volume name associated with a transaction.</TD
-></TR
-><TR
-><TD
->AFS_VS_GetStat</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolGetStatus - Get status of a transaction/volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_SetIdTy</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID Trans VolName Type ParentId CloneID BackupID</TD
-><TD
->AFSVolSetIdsTypes - Set header information for a volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_SetDate</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID Trans Date</TD
-><TD
->AFSVolSetDate - Set creation date in a volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_ListPar</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->AFSVolListPartitions - Return a list of AFS partitions on a server.</TD
-></TR
-><TR
-><TD
->AFS_VS_ParInf</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID PartName</TD
-><TD
->AFSVolPartitionInfo - Get partition information.</TD
-></TR
-><TR
-><TD
->AFS_VS_ListVol</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->AFSVolListVolumes - Return a list of volumes on a server.</TD
-></TR
-><TR
-><TD
->AFS_VS_XLstVol</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->AFSVolXListVolumes - Return a (detailed) list of volumes on a server.</TD
-></TR
-><TR
-><TD
->AFS_VS_Lst1Vol</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID VolID</TD
-><TD
->AFSVolListOneVolume - Return header information for a single volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_XLst1Vl</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID VolID</TD
-><TD
->AFSVolXListOneVolume - Return (detailed) header information for a single volume.</TD
-></TR
-><TR
-><TD
->AFS_VS_GetNVol</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID VolID</TD
-><TD
->AFSVolGetNthVolume - Get volume header given its index.</TD
-></TR
-><TR
-><TD
->AFS_VS_Monitor</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->AFSVolMonitor - Collect server transaction state.</TD
-></TR
-><TR
-><TD
->AFS_VS_SetInfo</TD
-><TD
->P O M</TD
-><TD
->ECode AFSName HostID Trans</TD
-><TD
->AFSVolSetInfo - Set volume status.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ630"
->Backup Server Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36238"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_BUDB_Start</TD
-><TD
->P</TD
-><TD
->ECode</TD
-><TD
->The backup server has started.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_Finish</TD
-><TD
->None</TD
-><TD
->ECode</TD
-><TD
->The backup server has finished. Finish events are rare since the server process is normally aborted.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_Exit</TD
-><TD
->None</TD
-><TD
->ECode</TD
-><TD
->The backup server has exited. Exit events are rare since the server process is normally aborted.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_CrDmp</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_CreateDump - Create a new dump.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_AppDmp</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_makeDumpAppended - Make the dump an appended dump.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_DelDmp</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_DeleteDump - Delete a dump.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FinDmp</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_FinishDump- Notify buserver that dump is finished.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_UseTpe</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_UseTape - Create/add a tape entry to a dump.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_DelTpe</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_DeleteTape - Remove a tape from the database.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FinTpe</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_FinishTape - Writing to a tape is completed.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_AddVol</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID volId</TD
-><TD
->BUDB_AddVolume - Add a volume to a particular dump and tape.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetTxV</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Type</TD
-><TD
->BUDB_GetTextVersion - Get the version number for hosts/volume-sets/dump-hierarchy.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetTxt</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID Type</TD
-><TD
->BUDB_GetText - Get the information about hosts/volume-sets/dump-hierarchy.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_SavTxt</TD
-><TD
->M</TD
-><TD
->ECode AFSName HostID Type</TD
-><TD
->BUDB_SaveText - Overwrite the information about hosts/volume-sets/dump-hierarchy.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetLck</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_GetLock - Take a lock for reading/writing text information.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FrALck</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_FreeLock - Free a lock.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FreLck</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_FreeAllLocks - Free all locks.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetIId</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_GetInstanceId - Get lock instance id.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_DmpDB</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_DumpDB - Start dumping the database.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_RstDBH</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_RestoreDbHeader - Restore the database header.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_DBVfy</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_DbVerify - Verify the database.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FndDmp</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID volName</TD
-><TD
->BUDB_FindDump - Find the dump a volume belongs to.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetDmp</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_GetDumps - Get a list of dumps in the database.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FnLTpe</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID dumpId</TD
-><TD
->BUDB_FindLastTape - Find last tape, and last volume on tape of a dump.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetTpe</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_GetTapes - Find a list of tapes based on name or dump ID.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_GetVol</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_GetVolumes - Find a list of volumes based on dump or tape name.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_DelVDP</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID dumpSetName</TD
-><TD
->BUDB_DeleteVDP - Delete dumps with given name and dump path.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FndCln</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID volName</TD
-><TD
->BUDB_FindClone - Find clone time of volume.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_FndLaD</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID volName</TD
-><TD
->BUDB_FindLatestDump - Find the latest dump a volume belongs to.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_TGetVr</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BUDB_T_GetVersion - Test Get version.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_TDmpHa</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID file</TD
-><TD
->BUDB_T_DumpHashTable - Test dump of hash table.</TD
-></TR
-><TR
-><TD
->AFS_BUDB_TDmpDB</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID file</TD
-><TD
->BUDB_T_DumpDatabase - Test dump of database.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ633"
->Protection Server Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36413"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_PTS_Start</TD
-><TD
->P</TD
-><TD
->ECode</TD
-><TD
->The protection server has started.</TD
-></TR
-><TR
-><TD
->AFS_PTS_Finish</TD
-><TD
->C</TD
-><TD
->ECode</TD
-><TD
->The protection server has finished. Finish events are rare since the server process is normally aborted.</TD
-></TR
-><TR
-><TD
->AFS_PTS_Exit</TD
-><TD
->C</TD
-><TD
->ECode</TD
-><TD
->The protection server has exited. Exit events are rare since the server process is normally aborted.</TD
-></TR
-><TR
-><TD
->AFS_PTS_NmToId</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->PR_NameToID - Perform one or more name-to-ID translations.</TD
-></TR
-><TR
-><TD
->AFS_PTS_IdToNm</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_IDToName - Perform one or more ID-to-name translations.</TD
-></TR
-><TR
-><TD
->AFS_PTS_NewEnt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId Name OwnerId</TD
-><TD
->PR_NewEntry - Create a PDB (Protection DataBase) entry for the given name.</TD
-></TR
-><TR
-><TD
->AFS_PTS_INewEnt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId Name OwnerId</TD
-><TD
->PR_INewEntry - Create a PDB entry for the given name and ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_LstEnt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_ListEntry - Get the contents of a PDB entry based on its ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_DmpEnt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Position</TD
-><TD
->PR_DumpEntry - Get the contents of a PDB entry based on its offset.</TD
-></TR
-><TR
-><TD
->AFS_PTS_ChgEnt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId NewName NewOwnerId NewId</TD
-><TD
->PR_ChangeEntry - Change an existing PDB entry's ID, name, owner, or a combination.</TD
-></TR
-><TR
-><TD
->AFS_PTS_SetFEnt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_SetFieldsEntry - Change miscellaneous fields in an existing PDB entry.</TD
-></TR
-><TR
-><TD
->AFS_PTS_Del</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_Delete - Delete an existing PDB entry.</TD
-></TR
-><TR
-><TD
->FS_PTS_WheIsIt</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId Position</TD
-><TD
->PR_WhereIsIt - Get the PDB byte offset of the entry for a given ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_AdToGrp</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId UserId</TD
-><TD
->PR_AddToGroup - Add a user to a group.</TD
-></TR
-><TR
-><TD
->AFS_PTS_RmFmGrp</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId UserId</TD
-><TD
->PR_RemoveFromGroup - Remove a user from a chosen group.</TD
-></TR
-><TR
-><TD
->AFS_PTS_LstMax</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->PR_ListMax - Get the largest allocated user and group ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_SetMax</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId flag</TD
-><TD
->PR_SetMax - Set the largest allocated user and group ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_LstEle</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_ListElements - List all IDs associated with a user or group.</TD
-></TR
-><TR
-><TD
->AFS_PTS_GetCPS</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_GetCPS - Get the CPS (Current Protection Subdomain) for the given ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_GetCPS2</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId Host</TD
-><TD
->PR_GetCPS2 - Get the CPS for the given id and host.</TD
-></TR
-><TR
-><TD
->AFS_PTS_GetHCPS</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID Host</TD
-><TD
->PR_GetHostCPS - Get the CPS for the given host.</TD
-></TR
-><TR
-><TD
->AFS_PTS_LstOwn</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID GroupId</TD
-><TD
->PR_ListOwned - Get all IDs owned by the given ID.</TD
-></TR
-><TR
-><TD
->AFS_PTS_IsMemOf</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID UserId GroupId</TD
-><TD
->PR_IsAMemberOf - Is a given user ID a member of a specified group?</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ636"
->Authentication Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36543"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_KAA_ChPswd</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAA_ChangePassword - Change password.</TD
-></TR
-><TR
-><TD
->AFS_KAA_Auth</TD
-><TD
->A S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAA_Authenticate - Authenticate to the cell.</TD
-></TR
-><TR
-><TD
->AFS_KAA_AuthO</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAA_Authenticate_old - Old style authentication.</TD
-></TR
-><TR
-><TD
->AFS_KAT_GetTkt</TD
-><TD
->A S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAT_GetTicket - An attempt was made to get an AFS ticket for some principal listed in the Authentication
- Database.</TD
-></TR
-><TR
-><TD
->AFS_KAT_GetTktO</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAT_GetTicket_old - An attempt was made to get an AFS ticket for some principal listed in the Authentication
- Database.</TD
-></TR
-><TR
-><TD
->AFS_KAM_CrUser</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAM_CreateUser - Create a user.</TD
-></TR
-><TR
-><TD
->AFS_KAM_DelUser</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAM_DeleteUser - Delete a user.</TD
-></TR
-><TR
-><TD
->AFS_KAM_SetPswd</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAM_SetPassword - Set the password for a user.</TD
-></TR
-><TR
-><TD
->AFS_KAM_GetPswd</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
->KAM_GetPassword - Get the password of a user.</TD
-></TR
-><TR
-><TD
->AFS_KAM_GetEnt</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAM_GetEntry - The RPC made by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to get one entry from the
- Authentication Database (by index entry).</TD
-></TR
-><TR
-><TD
->AFS_KAM_LstEnt</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID index</TD
-><TD
->KAM_ListEntry - The RPC made to list one or more entries in the Authentication Database.</TD
-></TR
-><TR
-><TD
->AFS_KAM_Dbg</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->KAM_Debug - The RPC that produces a debugging trace for the Authentication Server.</TD
-></TR
-><TR
-><TD
->AFS_KAM_SetFld</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID name instance flags date lifetime maxAssoc</TD
-><TD
->KAM_SetFields - The RPC used by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command to manipulate the
- Authentication Database.</TD
-></TR
-><TR
-><TD
->AFS_KAM_GetStat</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->KAM_GetStatus - An RPC used to get statistics on the Authentication Server.</TD
-></TR
-><TR
-><TD
->AFS_KAM_GRnKey</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->KAM_GetRandomKey - An RPC used to generate a random encryption key.</TD
-></TR
-><TR
-><TD
->AFS_UnlockUser</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAM_Unlock - The RPC used to initiate the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas unlock</B
-></SPAN
-> command.</TD
-></TR
-><TR
-><TD
->AFS_LockStatus</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID name instance</TD
-><TD
->KAM_LockStatus - The RPC used to determine whether a user's Authentication Database entry is locked.</TD
-></TR
-><TR
-><TD
->AFS_UseOfPriv</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID name instance cell</TD
-><TD
->An authorized command was issued and allowed because the user had privilege.</TD
-></TR
-><TR
-><TD
->AFS_UnAth</TD
-><TD
->S</TD
-><TD
->ECode AFSName HostID name instance cell</TD
-><TD
->An authorized command was issued and allowed because the system was running in noauth mode.</TD
-></TR
-><TR
-><TD
->AFS_UDPAuth</TD
-><TD
->A S</TD
-><TD
->ECode name instance</TD
-><TD
->An authentication attempt was made with a Kerberos client.</TD
-></TR
-><TR
-><TD
->AFS_UDPGetTckt</TD
-><TD
->A S</TD
-><TD
->ECode name instance cell name instance</TD
-><TD
->An attempt was made to get a Kerberos ticket.</TD
-></TR
-><TR
-><TD
->AFS_RunNoAuth</TD
-><TD
->S</TD
-><TD
->ECode</TD
-><TD
->Check was made and some random server is running noauth.</TD
-></TR
-><TR
-><TD
->AFS_NoAuthDsbl</TD
-><TD
->S P</TD
-><TD
->ECode</TD
-><TD
->Server is set to run in authenticated mode.</TD
-></TR
-><TR
-><TD
->AFS_NoAuthEnbl</TD
-><TD
->S P</TD
-><TD
->ECode</TD
-><TD
->Server is set to run in unauthenticated mode.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ639"
->File Server and Cache Manager Interface Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36681"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_SRX_FchACL</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_FetchACL - Fetch the ACL associated with the given AFS file identifier.</TD
-></TR
-><TR
-><TD
->AFS_SRX_FchStat</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_FetchStatus - Fetch the status information for a file system object.</TD
-></TR
-><TR
-><TD
->AFS_SRX_StACL</TD
-><TD
->M</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_StoreACL - Associate an ACL with the names directory.</TD
-></TR
-><TR
-><TD
->AFS_SRX_StStat</TD
-><TD
->M</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_StoreStatus - Store status information for the specified file.</TD
-></TR
-><TR
-><TD
->AFS_SRX_RmFile</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID) name</TD
-><TD
->RXAFS_RemoveFile - Delete the given file.</TD
-></TR
-><TR
-><TD
->AFS_SRX_CrFile</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID) name</TD
-><TD
->RXAFS_CreateFile - Create the given file.</TD
-></TR
-><TR
-><TD
->AFS_SRX_RNmFile</TD
-><TD
->O M</TD
-><TD
->ECode AFSName HostID (oldFID) oldName (newFID) newName</TD
-><TD
->RXAFS_Rename - Rename the specified file in the given directory.</TD
-></TR
-><TR
-><TD
->AFS_SRX_SymLink</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID) name</TD
-><TD
->RXAFS_Symlink - Create a symbolic link.</TD
-></TR
-><TR
-><TD
->AFS_SRX_Link</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID) name (FID)</TD
-><TD
->RXAFS_Link - Create a hard link.</TD
-></TR
-><TR
-><TD
->AFS_SRX_MakeDir</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID) name</TD
-><TD
->RXAFS_MakeDir - Create a directory.</TD
-></TR
-><TR
-><TD
->AFS_SRX_RmDir</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID) name</TD
-><TD
->RXAFS_RemoveDir - Remove a directory.</TD
-></TR
-><TR
-><TD
->AFS_SRX_SetLock</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID) type</TD
-><TD
->RXAFS_SetLock - Set an advisory lock on the given file identifier.</TD
-></TR
-><TR
-><TD
->AFS_SRX_ExtLock</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_ExtendLock - Extend an advisory lock on a file.</TD
-></TR
-><TR
-><TD
->AFS_SRX_RelLock</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_ReleaseLock - Release the advisory lock on a file.</TD
-></TR
-><TR
-><TD
->AFS_SRX_FchData</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->StartRXAFS_FetchData - Begin a request to fetch file data.</TD
-></TR
-><TR
-><TD
->AFS_SRX_StData</TD
-><TD
->O</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->StartRXAFS_StoreData - Begin a request to store file data.</TD
-></TR
-><TR
-><TD
->AFS_SRX_BFchSta</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID (FID)</TD
-><TD
->RXAFS_BulkStatus - Fetch status information regarding a set of file system objects.</TD
-></TR
-><TR
-><TD
->AFS_SRX_SetVolS</TD
-><TD
->M</TD
-><TD
->ECode AFSName HostID volId volName</TD
-><TD
->RXAFS_SetVolumeStatus - Set the basic status information for the named volume.</TD
-></TR
-><TR
-><TD
->AFS_Priv</TD
-><TD
->P</TD
-><TD
->ECode viceId callRoutine</TD
-><TD
->Checking Permission Rights of user - user has permissions.</TD
-></TR
-><TR
-><TD
->AFS_PrivSet</TD
-><TD
->P</TD
-><TD
->ECode viceId callRoutine</TD
-><TD
->Set the privileges of a user.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ642"
->BOS Server Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36796"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_BOS_CreBnod</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_CreateBnode - Create a process instance.</TD
-></TR
-><TR
-><TD
->AFS_BOS_DelBnod</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID instance</TD
-><TD
->BOZO_DeleteBnode - Delete a process instance.</TD
-></TR
-><TR
-><TD
->AFS_BOS_SetReSt</TD
-><TD
->P M C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_Restart - Restart a given process instance.</TD
-></TR
-><TR
-><TD
->AFS_BOS_GetLog</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->StartBOZO_GetLog - Pass the IN params when fetching a BOS Server log file.</TD
-></TR
-><TR
-><TD
->AFS_BOS_SetStat</TD
-><TD
->P M C</TD
-><TD
->ECode AFSName HostID instance</TD
-><TD
->BOZO_SetStatus - Set process instance status and goal.</TD
-></TR
-><TR
-><TD
->AFS_BOS_SetTSta</TD
-><TD
->P M C</TD
-><TD
->ECode AFSName HostID instance</TD
-><TD
->BOZO_SetTStatus - Temporarily set process instance status and goal.</TD
-></TR
-><TR
-><TD
->AFS_BOS_StartAl</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_StartupAll - Start all existing process instances.</TD
-></TR
-><TR
-><TD
->AFS_BOS_ShtdAll</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_ShutdownAll - Shut down all process instances.</TD
-></TR
-><TR
-><TD
->AFS_BOS_ReStAll</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_RestartAll - Shut down, then restart all process instances.</TD
-></TR
-><TR
-><TD
->AFS_BOS_ReBos</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_ReBozo - Shut down, then restart all process instances and the BOS Server itself.</TD
-></TR
-><TR
-><TD
->AFS_BOS_ReBosIn</TD
-><TD
->P C</TD
-><TD
->ECode</TD
-><TD
->BOZO_ReBozo - Same as AFS_BOS_ReBos but done internally (server restarts).</TD
-></TR
-><TR
-><TD
->AFS_BOS_ReStart</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID instance</TD
-><TD
->BOZO_Restart - Restart a given process instance.</TD
-></TR
-><TR
-><TD
->AFS_BOS_WaitAll</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_WaitAll - Wait until all process instances have reached their goals.</TD
-></TR
-><TR
-><TD
->AFS_BOS_AddSUsr</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_AddSUser - Add a user to the UserList.</TD
-></TR
-><TR
-><TD
->AFS_BOS_DelSUsr</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_DeleteSUser - Delete a user from the UserList.</TD
-></TR
-><TR
-><TD
->AFS_BOS_LstSUsr</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_ListSUsers - Get the name of the user in the given position in the UserList file.</TD
-></TR
-><TR
-><TD
->AFS_BOS_LstKey</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_ListKeys - List information about the key at a given index in the key file.</TD
-></TR
-><TR
-><TD
->AFS_BOS_LstKeyU</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_ListKeys - Same as AFS_BOS_LstKey, but unauthorized.</TD
-></TR
-><TR
-><TD
->AFS_BOS_AddKey</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_AddKey - Add a key to the key file.</TD
-></TR
-><TR
-><TD
->AFS_BOS_DelKey</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_DeleteKey - Delete the entry for an AFS key.</TD
-></TR
-><TR
-><TD
->AFS_BOS_SetNoAu</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID flag</TD
-><TD
->BOZO_SetNoAuthFlag - Enable or disable authenticated call requirements.</TD
-></TR
-><TR
-><TD
->AFS_BOS_SetCell</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
->BOZO_SetCellName - Set the name of the cell to which the BOS Server belongs.</TD
-></TR
-><TR
-><TD
->AFS_BOS_AddHst</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
->BOZO_AddCellHost - Add an entry to the list of database server hosts.</TD
-></TR
-><TR
-><TD
->AFS_BOS_DelHst</TD
-><TD
->S P</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
->BOZO_DeleteCellHost - Delete an entry from the list of database server hosts.</TD
-></TR
-><TR
-><TD
->AFS_BOS_Inst</TD
-><TD
->P O M</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
-><P
->StartBOZO_Install - Pass the IN parameters when installing a server binary.</P
-> <P
->EndBOZO_Install -
- Get the OUT parameters when installing a server binary.</P
-></TD
-></TR
-><TR
-><TD
->AFS_BOS_UnInst</TD
-><TD
->P O M</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
->BOZO_UnInstall - Roll back from a server binary installation.</TD
-></TR
-><TR
-><TD
->AFS_BOS_PrnLog</TD
-><TD
->P O</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->BOZO_Prune - Throw away old versions of server binaries and core file.</TD
-></TR
-><TR
-><TD
->AFS_BOS_Exec</TD
-><TD
->P C</TD
-><TD
->ECode AFSName HostID cmd</TD
-><TD
->BOZO_Exec - Execute a shell command at the server.</TD
-></TR
-><TR
-><TD
->AFS_BOS_DoExec</TD
-><TD
->P C</TD
-><TD
->ECode exec</TD
-><TD
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bosserver</B
-></SPAN
-> process was restarted.</TD
-></TR
-><TR
-><TD
->AFS_BOS_StpProc</TD
-><TD
->P C</TD
-><TD
->ECode cmd</TD
-><TD
->An RPC to stop any process controlled by the BOS Server.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ645"
->Volume Location Server Events</A
-></H1
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN36964"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="28*"><COL
-WIDTH="10*"><COL
-WIDTH="25*"><COL
-WIDTH="38*"><THEAD
-><TR
-><TH
->Event</TH
-><TH
->Class</TH
-><TH
->Parameters</TH
-><TH
->Description</TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->AFS_VL_CreEnt</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID name</TD
-><TD
->VL_CreateEntry - Create a VLDB entry.</TD
-></TR
-><TR
-><TD
->AFS_VL_DelEnt</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID volID</TD
-><TD
->VL_DeleteEntry - Delete a VLDB entry.</TD
-></TR
-><TR
-><TD
->AFS_VL_GetNVlID</TD
-><TD
->None</TD
-><TD
->ECode AFSName HostID</TD
-><TD
->VL_GetNewVolumeId - Generate a new volume ID.</TD
-></TR
-><TR
-><TD
->AFS_VL_RepEnt</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID volID</TD
-><TD
->VL_ReplaceEntry - Replace entire contents of VLDB entry.</TD
-></TR
-><TR
-><TD
->AFS_VL_UpdEnt</TD
-><TD
->P M</TD
-><TD
->ECode AFSName HostID volID</TD
-><TD
->VL_UpdateEntry - Update contents of VLDB entry.</TD
-></TR
-><TR
-><TD
->AFS_VL_SetLck</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID volID</TD
-><TD
->VL_SetLock - Lock VLDB entry.</TD
-></TR
-><TR
-><TD
->AFS_VL_RelLck</TD
-><TD
->P</TD
-><TD
->ECode AFSName HostID volID</TD
-><TD
->VL_ReleaseLock - Unlock VLDB entry.</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="a34149.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="i37012.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->The afsmonitor Program Statistics</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Index</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
<!ENTITY appendixB SYSTEM "auagd023.xml">
<!ENTITY appendixC SYSTEM "auagd024.xml">
<!ENTITY appendixD SYSTEM "auagd025.xml">
-<!ENTITY index SYSTEM "auagd026.xml">
]>
-<book label="Version 3.6" fpi="Document Number GC09-4563-00">
+<book label="Version M.m">
<bookinfo>
- <title>AFS Administration Guide</title>
+ <title>OpenAFS Administration Guide</title>
- <subtitle>Version 3.6</subtitle>
-
- <pubsnumber>Document Number GC09-4563-00</pubsnumber>
+ <subtitle>Version M.m</subtitle>
<copyright>
<year>2000</year>
</copyright>
<revhistory>
+ <revision>
+ <revnumber>M.m</revnumber>
+
+ <date>May 2008</date>
+
+ <revremark>First OpenAFS Edition</revremark>
+
+ </revision>
+
<revision>
<revnumber>3.6</revnumber>
<date>April 2000</date>
- <revremark>First Edition</revremark>
+ <revremark>First IBM Edition, Document Number GC09-4563-00</revremark>
+
+ <pubsnumber>Document Number GC09-4563-00</pubsnumber>
</revision>
</revhistory>
<abstract>
<para>This edition applies to: <simplelist>
- <member>IBM AFS for AIX, Version 3.6</member>
- <member>IBM AFS for Digital Unix, Version 3.6</member>
- <member>IBM AFS for HP-UX, Version 3.6</member>
- <member>IBM AFS for Linux, Version 3.6</member>
- <member>IBM AFS for SGI IRIX, Version 3.6</member>
- <member>IBM AFS for Solaris, Version 3.6</member>
+ <member>OpenAFS for AIX, Version M.m</member>
+ <member>OpenAFS for Digital Unix, Version M.m</member>
+ <member>OpenAFS for HP-UX, Version M.m</member>
+ <member>OpenAFS for Linux, Version M.m</member>
+ <member>OpenAFS for SGI IRIX, Version M.m</member>
+ <member>OpenAFS for Solaris, Version M.m</member>
</simplelist></para>
<para>and to all subsequent releases and modifications until otherwise
&appendixB;
&appendixC;
&appendixD;
- &index;
+ <index>Name Index</index>
</book>
with UNIX(R) administration, but no previous knowledge of AFS.</para>
<para>This document describes AFS commands in the context of specific tasks. Thus, it does not describe all commands in detail.
- Refer to the IBM AFS Administration Reference for detailed command descriptions.</para>
+ Refer to the OpenAFS Administration Reference for detailed command descriptions.</para>
</sect1>
<sect1 id="HDRWQ2">
</listitem>
<listitem>
- <para>If necessary, refer to the IBM AFS Administration Reference for more detailed information about the commands.</para>
+ <para>If necessary, refer to the OpenAFS Administration Reference for more detailed information about the commands.</para>
</listitem>
</orderedlist>
</para>
<variablelist>
<varlistentry>
- <term>IBM AFS Administration Reference</term>
+ <term>OpenAFS Administration Reference</term>
<listitem>
<para>This reference manual details the syntax and effect of each AFS command. It is intended for the experienced AFS
- administrator, programmer, or user. The IBM AFS Administration Reference lists AFS files and commands in alphabetical
+ administrator, programmer, or user. The OpenAFS Administration Reference lists AFS files and commands in alphabetical
order. The reference page for each command specifies its syntax, including the acceptable aliases and abbreviations. It
then describes the command's function, arguments, and output if any. Examples and a list of related commands are provided,
as are warnings where appropriate.</para>
- <para>This manual complements the IBM AFS Administration Guide: it does not include procedural information, but describes
- commands in more detail than the IBM AFS Administration Guide.</para>
+ <para>This manual complements the OpenAFS Administration Guide: it does not include procedural information, but describes
+ commands in more detail than the OpenAFS Administration Guide.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>IBM AFS Quick Beginnings</term>
+ <term>OpenAFS Quick Beginnings</term>
<listitem>
<para>This guide provides instructions for installing AFS server and client machines. It is assumed that the installer is
</varlistentry>
<varlistentry>
- <term>IBM AFS Release Notes</term>
+ <term>OpenAFS Release Notes</term>
<listitem>
<para>This document provides information specific to each release of AFS, such as a list of new features and commands, a
</varlistentry>
<varlistentry>
- <term>IBM AFS User Guide</term>
+ <term>OpenAFS User Guide</term>
<listitem>
<para>This guide presents the basic concepts and procedures necessary for using AFS effectively. It assumes that the
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="HDRWQ5">
- <title>An Overview of AFS Administration</title>
+ <title>An Overview of OpenAFS Administration</title>
<para>This chapter provides a broad overview of the concepts and organization of AFS. It is strongly recommended that anyone
involved in administering an AFS cell read this chapter before beginning to issue commands.</para>
<para>Keeping clocks synchronized is particularly important to the correct operation of AFS's distributed database technology,
which coordinates the copies of the Authentication, Backup, Protection, and Volume Location Databases; see <link
- linkend="HDRWQ52">Replicating the AFS Administrative Databases</link>. Client machines also refer to these clocks for the
+ linkend="HDRWQ52">Replicating the OpenAFS Administrative Databases</link>. Client machines also refer to these clocks for the
correct time; therefore, it is less confusing if all file server machines have the same time. For more technical detail about
the NTPD, see <link linkend="HDRWQ151">The runntp Process</link>.</para>
</sect2>
<para>This chapter discusses many of the issues to consider when configuring and administering a cell, and directs you to detailed
related information available elsewhere in this guide. It is assumed you are already familiar with the material in <link
- linkend="HDRWQ5">An Overview of AFS Administration</link>.</para>
+ linkend="HDRWQ5">An Overview of OpenAFS Administration</link>.</para>
<para>It is best to read this chapter before installing your cell's first file server machine or performing any other
administrative task.</para>
<para>AFS provides a modified login utility for each system type that accomplishes both local login and AFS
authentication in one step, based on a single password. If you choose not to use the AFS-modified login utility, your
- users must login and authenticate in separate steps, as detailed in the <emphasis>IBM AFS User Guide</emphasis>.</para>
+ users must login and authenticate in separate steps, as detailed in the <emphasis>OpenAFS User Guide</emphasis>.</para>
</listitem>
<listitem>
UNIX Remote Services in the AFS Environment</link>.</para>
<para>The AFS distribution for some system types possibly does not include a modified <emphasis
- role="bold">rlogind</emphasis> program. See the <emphasis>IBM AFS Release Notes</emphasis>.</para>
+ role="bold">rlogind</emphasis> program. See the <emphasis>OpenAFS Release Notes</emphasis>.</para>
<indexterm>
<primary>rsh command</primary>
role="bold">lost+found</emphasis> directory on the partition.</para>
<para>Instead, use the version of the <emphasis role="bold">fsck</emphasis> program that is included in the AFS distribution.
- The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to replace the vendor-supplied <emphasis
+ The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to replace the vendor-supplied <emphasis
role="bold">fsck</emphasis> program with the AFS version as you install each server machine.</para>
<para>The AFS version functions like the standard <emphasis role="bold">fsck</emphasis> program on data stored on both UFS and
<para>For file server machines, the two files that record the cell name are the <emphasis
role="bold">/usr/afs/etc/ThisCell</emphasis> and <emphasis role="bold">/usr/afs/etc/CellServDB</emphasis> files. As described
- more explicitly in the <emphasis>IBM AFS Quick Beginnings</emphasis>, you set the cell name in both by issuing the <emphasis
+ more explicitly in the <emphasis>OpenAFS Quick Beginnings</emphasis>, you set the cell name in both by issuing the <emphasis
role="bold">bos setcellname</emphasis> command on the first file server machine you install in your cell. It is not usually
necessary to issue the command again. If you run the United States edition of AFS and use the Update Server, it distributes
its copy of the <emphasis role="bold">ThisCell</emphasis> and <emphasis role="bold">CellServDB</emphasis> files to additional
- server machines that you install. If you use the international edition of AFS, the <emphasis>IBM AFS Quick
+ server machines that you install. If you use the international edition of AFS, the <emphasis>OpenAFS Quick
Beginnings</emphasis> explains how to copy the files manually.</para>
<para>For client machines, the two files that record the cell name are the <emphasis
See <link linkend="HDRWQ406">Maintaining Knowledge of Database Server Machines</link> for details.</para>
<para>Change the cell name in these files only when you want to transfer the machine to a different cell (it can only belong
- to one cell at a time). If the machine is a file server, follow the complete set of instructions in the <emphasis>IBM AFS
+ to one cell at a time). If the machine is a file server, follow the complete set of instructions in the <emphasis>OpenAFS
Quick Beginnings</emphasis> for configuring a new cell. If the machine is a client, all you need to do is change the files
appropriately and reboot the machine. The next section explains further the negative consequences of changing the name of an
existing cell.</para>
<para>A separate directory for storing the server and client binaries for each system type you use in the cell.
Configuration is simplest if you use the system type names assigned in the AFS distribution, particularly if you wish
to use the <emphasis role="bold">@sys</emphasis> variable in pathnames (see <link linkend="HDRWQ56">Using the @sys
- Variable in Pathnames</link>). The <emphasis>IBM AFS Release Notes</emphasis> lists the conventional name for each
+ Variable in Pathnames</link>). The <emphasis>OpenAFS Release Notes</emphasis> lists the conventional name for each
supported system type.</para>
<para>Within each such directory, create directories named <emphasis role="bold">bin</emphasis>, <emphasis
</listitem>
</itemizedlist></para>
- <para>The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to configure your cell's first file server machine to
- assume all four roles. The <emphasis>IBM AFS Quick Beginnings</emphasis> chapter on installing additional server machines also
+ <para>The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to configure your cell's first file server machine to
+ assume all four roles. The <emphasis>OpenAFS Quick Beginnings</emphasis> chapter on installing additional server machines also
explains how to configure them to perform one or more roles.</para>
<indexterm>
</indexterm>
<sect2 id="HDRWQ52">
- <title>Replicating the AFS Administrative Databases</title>
+ <title>Replicating the OpenAFS Administrative Databases</title>
<para>The AFS administrative databases are housed on database server machines and store information that is crucial for
correct cell functioning. Both server processes and Cache Managers access the information frequently: <itemizedlist>
<para>Unlike replicated volumes, however, replicated databases do change frequently. Consistent system performance demands
that all copies of the database always be identical, so it is not acceptable to record changes in only some of them. To
synchronize the copies of a database, the database server processes use AFS's distributed database technology, Ubik. See <link
- linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>.</para>
+ linkend="HDRWQ102">Replicating the OpenAFS Administrative Databases</link>.</para>
<para>If your cell has only one file server machine, it must also serve as a database server machine. If you cell has two file
server machines, it is not always advantageous to run both as database server machines. If a server, process, or network
first <emphasis role="bold">r</emphasis> (<emphasis role="bold">read</emphasis>) mode bit turned on (for example, the
<emphasis role="bold">/usr/afs/etc/KeyFile</emphasis> file, which lists the AFS server encryption keys). Each time the BOS
Server starts, it checks that the mode bits on certain files and directories match the expected values. For a list, see the
- <emphasis>IBM AFS Quick Beginnings</emphasis> section about protecting sensitive AFS directories, or the discussion of the
+ <emphasis>OpenAFS Quick Beginnings</emphasis> section about protecting sensitive AFS directories, or the discussion of the
output from the <emphasis role="bold">bos status</emphasis> command in <link linkend="HDRWQ159">To display the status of
server processes and their BosConfig entries</link>.</para>
directory, and so on through the <emphasis role="bold">/vicepz</emphasis> directory. The names then continue with <emphasis
role="bold">/vicepaa</emphasis> through <emphasis role="bold">/vicepaz</emphasis>, <emphasis role="bold">/vicepba</emphasis>
through <emphasis role="bold">/vicepbz</emphasis>, and so on, up to the maximum supported number of server partitions, which
- is specified in the IBM AFS Release Notes.</para>
+ is specified in the OpenAFS Release Notes.</para>
<para>Each <emphasis role="bold">/vicep</emphasis>x directory must correspond to an entire partition or logical volume, and
must be a subdirectory of the root directory (/). It is not acceptable to configure part of (for example) the <emphasis
Solaris 7 converts it to <emphasis role="bold">/afs/abc.com/sun4x_57</emphasis>.</para>
<para>If you want to use the @sys variable, it is simplest to use the conventional AFS system type names as specified in the
- IBM AFS Release Notes. The Cache Manager records the local machine's system type name in kernel memory during initialization.
+ OpenAFS Release Notes. The Cache Manager records the local machine's system type name in kernel memory during initialization.
If you do not use the conventional names, you must use the <emphasis role="bold">fs sysname</emphasis> command to change the
value in kernel memory from its default just after Cache Manager initialization, on every client machine of the relevant
system type. The <emphasis role="bold">fs sysname</emphasis> command also displays the current value; see <link
<note>
<para>The AFS-modified libraries do not necessarily support all features available in an operating system's proprietary login
utility. In some cases, it is not possible to support a utility at all. For more information about the supported utilities in
- each AFS version, see the IBM AFS Release Notes.</para>
+ each AFS version, see the OpenAFS Release Notes.</para>
</note>
<indexterm>
<para>Systems that use a Pluggable Authentication Module (PAM) for login and AFS authentication do not necessarily consult the
local password file at all, in which case they do not use the password field to control authentication and login attempts.
Instead, instructions in the PAM configuration file (on many system types, <emphasis role="bold">/etc/pam.conf</emphasis>)
- fill the same function. See the instructions in the IBM AFS Quick Beginnings for installing AFS-modified login
+ fill the same function. See the instructions in the OpenAFS Quick Beginnings for installing AFS-modified login
utilities.</para>
<indexterm>
<title>Using Two-Step Login and Authentication</title>
<para>In cells that do not use an AFS-modified login utility, users must issue separate commands to login and authenticate, as
- detailed in the IBM AFS User Guide: <orderedlist>
+ detailed in the OpenAFS User Guide: <orderedlist>
<listitem>
<para>They use the standard <emphasis role="bold">login</emphasis> program to login to the local file system, providing
the password listed in the local password file (the <emphasis role="bold">/etc/passwd</emphasis> file or
logged in to the local file system. To authenticate as a different identity, use the <emphasis
role="bold">-principal</emphasis> argument. To obtain a token for a foreign cell, use the <emphasis
role="bold">-cell</emphasis> argument (it can be combined with the <emphasis role="bold">-principal</emphasis> argument). See
- the IBM AFS User Guide and the entry for the <emphasis role="bold">klog</emphasis> command in the IBM AFS Administration
+ the OpenAFS User Guide and the entry for the <emphasis role="bold">klog</emphasis> command in the OpenAFS Administration
Reference.</para>
<para>To discard either all tokens or the token for a particular cell, issue the <emphasis role="bold">unlog</emphasis>
- command. The command affects only the tokens associated with the current command shell. See the IBM AFS User Guideand the
- entry for the <emphasis role="bold">unlog</emphasis> command in the IBM AFS Administration Reference.</para>
+ command. The command affects only the tokens associated with the current command shell. See the OpenAFS User Guideand the
+ entry for the <emphasis role="bold">unlog</emphasis> command in the OpenAFS Administration Reference.</para>
<para>To display the tokens associated with the current command shell, issue the <emphasis role="bold">tokens</emphasis>
command. The following examples illustrate its output in various situations.</para>
<note>
<para>An AFS-modified login utility always grants a token with a lifetime calculated from the previously described three
values. When issuing the <emphasis role="bold">klog</emphasis> command, a user can request a lifetime shorter than the
- default by using the <emphasis role="bold">-lifetime</emphasis> argument. For further information, see the IBM AFS User
- Guide and the <emphasis role="bold">klog</emphasis> reference page in the IBM AFS Administration Reference.</para>
+ default by using the <emphasis role="bold">-lifetime</emphasis> argument. For further information, see the OpenAFS User
+ Guide and the <emphasis role="bold">klog</emphasis> reference page in the OpenAFS Administration Reference.</para>
</note>
</sect2>
setpassword</emphasis> commands pass the proposed password to a program or script called <emphasis
role="bold">kpwvalid</emphasis>, if it exists. The <emphasis role="bold">kpwvalid</emphasis> performs quality checks and
returns a code to indicate whether the password is acceptable. You can create your own program or modified the sample program
- included in the AFS distribution. See the <emphasis role="bold">kpwvalid</emphasis> reference page in the IBM AFS
+ included in the AFS distribution. See the <emphasis role="bold">kpwvalid</emphasis> reference page in the OpenAFS
Administration Reference.</para>
<para>There are several types of quality checks that can improve password quality. <itemizedlist>
<para>Use either the Kerberos version or the standard command throughout the cell; do not mix the two versions. AFS Product
Support can provide instructions on installing the Kerberos version of these four commands. For information on the differences
- between the two versions of these commands, see the IBM AFS Administration Reference.</para>
+ between the two versions of these commands, see the OpenAFS Administration Reference.</para>
</sect2>
</sect1>
a user accidentally removes or changes data, the user can restore it from the backup volume, rather than having to ask you to
restore it.</para>
- <para>The IBM AFS User Guide does not mention backup volumes, so regular users do not know about them if you decide not to use
+ <para>The OpenAFS User Guide does not mention backup volumes, so regular users do not know about them if you decide not to use
them. This implies that if you <emphasis role="bold">do</emphasis> make backup versions of user volumes, you need to tell your
users about how the backup works and where you have mounted it.</para>
<para>The conventional installation location for the modified remote commands are the <emphasis
role="bold">/usr/afsws/bin</emphasis> and <emphasis role="bold">/usr/afsws/etc</emphasis> directories. To learn more about
- commands' functionality, see their reference pages in the IBM AFS Administration Reference.</para>
+ commands' functionality, see their reference pages in the OpenAFS Administration Reference.</para>
</sect1>
<sect1 id="HDRWQ79">
</listitem>
</itemizedlist></para>
- <para>To learn how to install and configure a new server machine, see the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ <para>To learn how to install and configure a new server machine, see the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<para>To learn how to administer the server processes themselves, see <link linkend="HDRWQ142">Monitoring and Controlling Server
Processes</link>.</para>
<para>An ASCII file that consists of a single line defining the complete Internet domain-style name of the cell (such
as <computeroutput>abc.com</computeroutput>). You create this file with the <emphasis role="bold">bos
setcellname</emphasis> command during the installation of your cell's first file server machine, as instructed in the
- <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<para>Note that changing this file is only one step in changing your cell's name. For discussion, see <link
linkend="HDRWQ34">Choosing a Cell Name</link>.</para>
restarts processes for maintenance purposes.</para>
<para>As you create server processes during a file server machine's installation, their entries are defined in this
- file automatically. The <emphasis>IBM AFS Quick Beginnings</emphasis> outlines the <emphasis
+ file automatically. The <emphasis>OpenAFS Quick Beginnings</emphasis> outlines the <emphasis
role="bold">bos</emphasis> commands to use. For a more complete description of the file, and instructions for
controlling process status by editing the file with commands from the <emphasis role="bold">bos</emphasis> suite, see
<link linkend="HDRWQ142">Monitoring and Controlling Server Processes</link>.</para>
<para>If a cell runs more than one database server machine, each database server process keeps its own copy of its database on
its machine's hard disk. However, it is important that all the copies of a given database are the same. To synchronize them,
the database server processes call on AFS's distributed database technology, Ubik, as described in <link
- linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>.</para>
+ linkend="HDRWQ102">Replicating the OpenAFS Administrative Databases</link>.</para>
<para>The files listed here appear in this directory only on database server machines. On non-database server machines, this
directory is empty. <variablelist>
name. The directory name is of the form <emphasis role="bold">/vicep</emphasis>index, where each index is one or two lowercase
letters. By convention, the first AFS partition on a machine is mounted at <emphasis role="bold">/vicepa</emphasis>, the
second at <emphasis role="bold">/vicepb</emphasis>, and so on. If there are more than 26 partitions, continue with <emphasis
- role="bold">/vicepaa</emphasis>, <emphasis role="bold">/vicepab</emphasis> and so on. The <emphasis>IBM AFS Release
+ role="bold">/vicepaa</emphasis>, <emphasis role="bold">/vicepab</emphasis> and so on. The <emphasis>OpenAFS Release
Notes</emphasis> specifies the number of supported partitions per server machine.</para>
<para>Do not store non-AFS files on AFS partitions. The File Server and Volume Server expect to have available all of the
</itemizedlist></para>
<para>If a cell has a single server machine, it assumes the simple file server and database server roles. The instructions in
- the <emphasis>IBM AFS Quick Beginnings</emphasis> also have you configure it as the system control machine and binary
+ the <emphasis>OpenAFS Quick Beginnings</emphasis> also have you configure it as the system control machine and binary
distribution machine for its system type, but it does not actually perform those functions until you install another server
machine.</para>
<para>Unlike replicated volumes, however, replicated databases do change frequently. Consistent system performance demands
that all copies of the database always be identical, so it is not possible to record changes in only some of them. To
synchronize the copies of a database, the database server processes use AFS's distributed database technology, Ubik. See <link
- linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>.</para>
+ linkend="HDRWQ102">Replicating the OpenAFS Administrative Databases</link>.</para>
<para>It is critical that the AFS server processes on every server machine in a cell know which machines are the database
server machines. The database server processes in particular must maintain constant contact with their peers in order to
<para>For a list of the configuration files stored in the <emphasis role="bold">/usr/afs/etc</emphasis> directory, see <link
linkend="HDRWQ85">Common Configuration Files in the /usr/afs/etc Directory</link>.</para>
- <para>The <emphasis>IBM AFS Quick Beginnings</emphasis> configures a cell's first server machine as the system control
+ <para>The <emphasis>OpenAFS Quick Beginnings</emphasis> configures a cell's first server machine as the system control
machine. If you wish, you can reassign the role to a different machine that you install later, but you must then change the
client portion of the Update Server (<emphasis role="bold">upclientetc</emphasis>) process running on all other server
machines to refer to the new system control machine.</para>
Command 1 is '/usr/afs/bin/upserver'
</programlisting>
- <para>If you are using the default configuration recommended in the <emphasis>IBM AFS Quick Beginnings</emphasis>, the
+ <para>If you are using the default configuration recommended in the <emphasis>OpenAFS Quick Beginnings</emphasis>, the
system control machine is also the binary distribution machine for its system type, and a single <emphasis
role="bold">upserver</emphasis> process distributes both kinds of updates. In that case, the output includes the following
messages:</para>
<sect1 id="HDRWQ101">
<title>Administering Database Server Machines</title>
- <para>This section explains how to administer database server machines. For installation instructions, see the <emphasis>IBM AFS
+ <para>This section explains how to administer database server machines. For installation instructions, see the <emphasis>OpenAFS
Quick Beginnings</emphasis>.</para>
<indexterm>
</indexterm>
<sect2 id="HDRWQ102">
- <title>Replicating the AFS Administrative Databases</title>
+ <title>Replicating the OpenAFS Administrative Databases</title>
<para>There are several benefits to replicating the AFS administrative databases (the Authentication, Backup, Protection, and
- Volume Location Databases), as discussed in <link linkend="HDRWQ52">Replicating the AFS Administrative Databases</link>. For
+ Volume Location Databases), as discussed in <link linkend="HDRWQ52">Replicating the OpenAFS Administrative Databases</link>. For
correct cell functioning, the copies of each database must be identical at all times. To keep the databases synchronized, AFS
uses library of utilities called <emphasis>Ubik</emphasis>. Each database server process runs an associated lightweight Ubik
process, and client-side programs call Ubik's client-side subroutines when they submit requests to read and change the
<para>If you run the United States version of AFS and use the Update Server, it is simplest to maintain the <emphasis
role="bold">/usr/afs/etc/CellServDB</emphasis> file on the system control machine, which distributes its copy to all
- other server machines. The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to configure the Update Server.
+ other server machines. The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to configure the Update Server.
If you run the international version of AFS, you must update the file on each machine individually.</para>
<para>The only reason to alter the file is when configuring or decommissioning a database server machine. Use the
<link linkend="HDRWQ118">Maintaining the Server CellServDB File</link>. The instructions in <link
linkend="HDRWQ142">Monitoring and Controlling Server Processes</link> for stopping and starting processes remind you
to alter the <emphasis role="bold">CellServDB</emphasis> file when appropriate, as do the instructions in the
- <emphasis>IBM AFS Quick Beginnings</emphasis> for installing or decommissioning a database server machine.</para>
+ <emphasis>OpenAFS Quick Beginnings</emphasis> for installing or decommissioning a database server machine.</para>
<para>(Client processes and the server processes that do not maintain databases also rely on correct information in
the <emphasis role="bold">CellServDB</emphasis> file for proper operation, but their use of the information does not
<listitem>
<para>Keep the clocks synchronized on all machines in the cell, especially the database server machines.</para>
- <para>In the conventional configuration specified in the <emphasis>IBM AFS Quick Beginnings</emphasis>, you run the
+ <para>In the conventional configuration specified in the <emphasis>OpenAFS Quick Beginnings</emphasis>, you run the
<emphasis role="bold">runntp</emphasis> process to supervise the local Network Time Protocol Daemon (NTPD) on every
AFS server machine. The NTPD on the system control machine synchronizes its clock with a reliable source outside the
cell and broadcasts the time to the NTPDs on the other server machines. You can choose to run a different time
restrictions. The most basic is that it halts if it finds that an existing dump record in the database has the same dump
ID number as a dump on the tape it is scanning. If you want to continue with the scanning operation, you must locate and
remove the existing record from the database. For further discussion, see the <emphasis role="bold">backup
- scantape</emphasis> command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ scantape</emphasis> command's reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
</listitem>
</itemizedlist></para>
server machine of each system type as the <emphasis>binary distribution machine</emphasis> by running the server portion of the
Update Server (<emphasis role="bold">upserver</emphasis> process) on it. All other server machines of that system type run the
client portion of the Update Server (<emphasis role="bold">upclientbin</emphasis> process) to retrieve updated software from the
- binary distribution machine. The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to install the appropriate
+ binary distribution machine. The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to install the appropriate
processes. For more on binary distribution machines, see <link linkend="HDRWQ93">Binary Distribution Machines</link>.</para>
<para>When you use the Update Server, you install new binaries on binary distribution machines only. If you install binaries
<para>It is best to store AFS binaries in the <emphasis role="bold">/usr/afs/bin</emphasis> directory, because that is the
only directory the BOS Server automatically checks for new binaries. You can, however, use the <emphasis role="bold">bos
install</emphasis> command's <emphasis role="bold">-dir</emphasis> argument to install non-AFS binaries into other directories
- on a server machine's local disk. See the command's reference page in the <emphasis>IBM AFS Administration
+ on a server machine's local disk. See the command's reference page in the <emphasis>OpenAFS Administration
Reference</emphasis> for further information.</para>
<indexterm>
from its binary distribution machine before restarting a server process to use the new binaries.</para>
<para>To check dates on binaries in a directory other than <emphasis role="bold">/usr/afs/bin</emphasis>, add the <emphasis
- role="bold">-dir</emphasis> argument. See the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ role="bold">-dir</emphasis> argument. See the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
<indexterm>
<primary>bos commands</primary>
@(#)Base configuration afsversion build_level
</programlisting>
- <para>For example, the following string indicates the binary is from AFS 3.6 build 3.0:</para>
+ <para>For example, the following string indicates the binary is from AFS M.m build 3.0:</para>
<programlisting>
- @(#)Base configuration afs3.6 3.0
+ @(#)Base configuration afsM.m 3.0
</programlisting>
</listitem>
</orderedlist>
constant contact with their peers in order to keep their copies of the replicated administrative databases
synchronized.</para>
- <para>As detailed in <link linkend="HDRWQ102">Replicating the AFS Administrative Databases</link>, the database server
+ <para>As detailed in <link linkend="HDRWQ102">Replicating the OpenAFS Administrative Databases</link>, the database server
processes use the Ubik utility to synchronize the information in the databases they maintain. The Ubik coordinator at the
synchronization site for each database maintains the single read/write copy of the database and distributes changes to the
secondary sites as necessary. It must maintain contact with a majority of the secondary sites to remain the coordinator,
<para>To avoid the negative consequences of incorrect information in the <emphasis
role="bold">/usr/afs/etc/CellServDB</emphasis> file, you must update it on all of your cell's server machines every time you
- add or remove a database server machine. The <emphasis>IBM AFS Quick Beginnings</emphasis> provides complete instructions for
+ add or remove a database server machine. The <emphasis>OpenAFS Quick Beginnings</emphasis> provides complete instructions for
installing or removing a database server machine and for updating the <emphasis role="bold">CellServDB</emphasis> file in that
context. This section explains how to distribute the file to your server machines and how to make other cells aware of the
changes if you participate in the AFS global name space.</para>
edition of AFS, instead change the file on each server machine individually. For further discussion of the system control
machine and why international cells must not use it for files in the <emphasis role="bold">/usr/afs/etc</emphasis> directory,
see <link linkend="HDRWQ94">The System Control Machine</link>. For instructions on configuring the Update Server when using
- the United States version of AFS, see the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ the United States version of AFS, see the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<para>To avoid formatting errors that can cause errors, always use the <emphasis role="bold">bos addhost</emphasis> and
<emphasis role="bold">bos removehost</emphasis> commands, rather than editing the file directly. You must also restart the
<para>Provide the <emphasis role="bold">-noauth</emphasis> flag which is available on many of the commands in the suites. To
verify that a command accepts the flag, issue the <emphasis role="bold">help</emphasis> command in its suite, or consult the
- command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis> (the reference page also specifies the
+ command's reference page in the <emphasis>OpenAFS Administration Reference</emphasis> (the reference page also specifies the
shortest acceptable abbreviation for the flag on each command). The suites' <emphasis role="bold">apropos</emphasis> and
<emphasis role="bold">help</emphasis> commands do not themselves accept the flag.</para>
<para>AFS makes it very easy to add storage space to your cell, just by adding disks to existing file server machines. This
section explains how to install or remove a disk used to store AFS volumes. (Another way to add storage space is to install
- additional server machines, as instructed in the <emphasis>IBM AFS Quick Beginnings</emphasis>.)</para>
+ additional server machines, as instructed in the <emphasis>OpenAFS Quick Beginnings</emphasis>.)</para>
<para>Both adding and removing a disk cause at least a brief file system outage, because you must restart the <emphasis
role="bold">fs</emphasis> process to have it recognize the new set of server partitions. Some operating systems require that you
<para>These instructions assume that the machine's AFS initialization file includes the following command to restart the BOS
Server after each reboot. The BOS Server starts the other AFS server processes listed in the local <emphasis
role="bold">/usr/afs/local/BosConfig</emphasis> file. For information on the <emphasis role="bold">bosserver</emphasis>
- command's optional arguments, see its reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ command's optional arguments, see its reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
<programlisting>
/usr/afs/bin/bosserver &
files also determine which interfaces the Ubik database synchronization library uses when communicating with the database server
processes running on other database server machines.</para>
- <para>There is a maximum number of IP addresses in each server entry, as documented in the <emphasis>IBM AFS Release
+ <para>There is a maximum number of IP addresses in each server entry, as documented in the <emphasis>OpenAFS Release
Notes</emphasis>. If a multihomed file server machine has more interfaces than the maximum, AFS simply ignores the excess ones.
It is probably appropriate for such machines to use the <emphasis role="bold">NetInfo</emphasis> and <emphasis
role="bold">NetRestrict</emphasis> files to control which interfaces are registered.</para>
<para>Except in this type of rare error case, the only appropriate use of the <emphasis role="bold">vos changeaddr</emphasis>
command is to remove a VLDB server entry completely when you remove a file server machine from service. The VLDB can accommodate
- a maximum number of server entries, as specified in the <emphasis>IBM AFS Release Notes</emphasis>. Removing obsolete entries
+ a maximum number of server entries, as specified in the <emphasis>OpenAFS Release Notes</emphasis>. Removing obsolete entries
makes it possible to allocate server entries for new file server machines as required. See the instructions that follow.</para>
<para>Do not use the <emphasis role="bold">vos changeaddr</emphasis> command to change the list of interfaces registered in a
<para>The output from the <emphasis role="bold">bos status</emphasis> command refers to a process by the name assigned
when the <emphasis role="bold">bos create</emphasis> command creates its entry in the <emphasis
role="bold">/usr/afs/local/BosConfig</emphasis> file. The name can differ from machine to machine, but it is easiest to
- maintain the cell if you assign the same name on all machines. The <emphasis>IBM AFS Quick Beginnings</emphasis> and the
+ maintain the cell if you assign the same name on all machines. The <emphasis>OpenAFS Quick Beginnings</emphasis> and the
reference page for the <emphasis role="bold">bos create</emphasis> command list the conventional names. Examples are
<emphasis role="bold">bosserver</emphasis>, <emphasis role="bold">kaserver</emphasis>, and <emphasis
role="bold">vlserver</emphasis>.</para>
</indexterm>
<para>As a system administrator, you do not contact the NTPD directly once you have installed it according to the instructions
- in the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ in the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
</sect2>
<sect2 id="HDRWQ152">
<para>A process's entry in the <emphasis role="bold">BosConfig</emphasis> file includes the following information:
<itemizedlist>
<listitem>
- <para>The process's name. The recommended conventional names are defined in both the <emphasis>IBM AFS Quick
+ <para>The process's name. The recommended conventional names are defined in both the <emphasis>OpenAFS Quick
Beginnings</emphasis> and <link linkend="HDRWQ161">Creating and Removing Processes</link>. The name of a simple process
usually matches the name of its binary file (for example, <emphasis role="bold">ptserver</emphasis> for the Protection
Server).</para>
</indexterm>
<para>When you start or stop a database server process (Authentication Server, Backup Server, Protection Server, or Volume
- Location Server) for more than a short time, you must follow the instructions in the <emphasis>IBM AFS Quick
+ Location Server) for more than a short time, you must follow the instructions in the <emphasis>OpenAFS Quick
Beginnings</emphasis> for installing or removing a database server machine. Here is a summary of the tasks you must perform to
preserve correct AFS functioning. <itemizedlist>
<listitem>
</programlisting>
<para>The expected protections for the directories and files in the <emphasis role="bold">/usr/afs</emphasis> directory are as
- follows. A question mark indicates that the BOS Server does not check the mode bit. See the <emphasis>IBM AFS Quick
+ follows. A question mark indicates that the BOS Server does not check the mode bit. See the <emphasis>OpenAFS Quick
Beginnings</emphasis> for more information about setting the protections on these files and directories.</para>
<informaltable frame="none">
<note>
<para>If you are starting or stopping a database server process in the manner described in this section, follow the complete
- instructions in the <emphasis>IBM AFS Quick Beginnings</emphasis> for creating or removing a database server machine. If you
+ instructions in the <emphasis>OpenAFS Quick Beginnings</emphasis> for creating or removing a database server machine. If you
run one database server process on a given machine, you must run them all; for more information, see <link
linkend="HDRWQ156">About Starting and Stopping the Database Server Processes</link>. Similarly, if you are stopping the
<emphasis role="bold">upserver</emphasis> process on the system control machine or a binary distribution machine, you must
<listitem>
<para>Specifies the pathname of a program that the BOS Server runs when the process terminates. For more
information on notifier programs, see the <emphasis role="bold">bos create</emphasis> command reference page in
- the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
</listitem>
</varlistentry>
</variablelist></para>
<note>
<para>If you are starting or stopping a database server process in the manner described in this section, follow the complete
- instructions in the <emphasis>IBM AFS Quick Beginnings</emphasis> for creating or removing a database server machine. If you
+ instructions in the <emphasis>OpenAFS Quick Beginnings</emphasis> for creating or removing a database server machine. If you
run one database server process on a given machine, you must run them all; for more information, see <link
linkend="HDRWQ156">About Starting and Stopping the Database Server Processes</link>. Similarly, if you are stopping the
<emphasis role="bold">upserver</emphasis> process on the system control machine or a binary distribution machine, you must
demand for the volume's contents and how much disk space you are willing to use for multiple copies of the volume. Of course,
each prospective read-only site must have enough available space to accommodate the volume. The limit on the number of
read-only copies of a volume is determined by the maximum number of site definitions in a volume's VLDB entry, which is
- defined in the <emphasis> IBM AFS Release Notes</emphasis>. The site housing the read/write and backup versions of the volume
+ defined in the <emphasis> OpenAFS Release Notes</emphasis>. The site housing the read/write and backup versions of the volume
counts as one site, and each read-only site counts as an additional site (even the read-only site defined on the same file
server machine and partition as the read/write site counts as a separate site). Note also that the Volume Server permits only
one read-only copy of a volume per file server machine.</para>
home directory as it was at the time the backup was created, with all files and subdirectories in the same relative
positions.</para>
- <para>If you do create and mount backup volumes for your users, inform users of their existence. The <emphasis> IBM AFS User
+ <para>If you do create and mount backup volumes for your users, inform users of their existence. The <emphasis> OpenAFS User
Guide</emphasis> does not mention backup volumes because making them available to users is optional. Explain to users how
often you make a new backup, so they know what they can recover. Remind them also that the data in their backup volume cannot
change; however, they can use the standard UNIX <emphasis role="bold">cp</emphasis> command to copy it into their home volume
<note>
<para>It is best not to halt a <emphasis role="bold">vos move</emphasis> operation before it completes, because parts of
the volume can be left on both the source and destination machines. For more information, see the command's reference
- page in the <emphasis> IBM AFS Administration Reference</emphasis>.</para>
+ page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
</note>
</listitem>
files or directories in it. If an application is writing data into an existing file in a full volume, the File Server allows a
defined overage (by default, 1 MB). (You can use the <emphasis role="bold">fileserver</emphasis> command's <emphasis
role="bold">-spare</emphasis> or <emphasis role="bold">-pctspare</emphasis> argument to change the default overage; see the
- command's reference page in the <emphasis> IBM AFS Administration Reference</emphasis>.)</para>
+ command's reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.)</para>
<para>To set a quota other than 5000 KB as you create a volume, include the <emphasis role="bold">-maxquota</emphasis> argument
to the <emphasis role="bold">vos create</emphasis> command, as described in <link linkend="HDRWQ185">Creating Read/write
<para>In general, smaller volumes are easier to administer than larger ones. If you need to move volumes, say for load-balancing
purposes, it is easier to find enough free space on other partitions for small volumes. Move operations complete more quickly
for small volumes, reducing the potential for outages or other errors to interrupt the move. AFS supports a maximum volume size,
- which can vary for different AFS releases; see the <emphasis> IBM AFS Release Notes</emphasis> for the version you are using.
+ which can vary for different AFS releases; see the <emphasis> OpenAFS Release Notes</emphasis> for the version you are using.
Also, the size of a partition or logical places an absolute limit on volume size, because a volume cannot span multiple
partitions or logical volumes.</para>
it automatically removes a volume's VLDB entry and both the volume header and all data from the partition. If either the VLDB
entry or volume header does not exist, it is sometimes necessary to use other commands that remove only the remaining element.
Do not use these commands in the normal case when both the VLDB entry and the volume header exist, because by definition they
- create discrepancies between them. For details on the commands' syntax, see their reference pages in the <emphasis> IBM AFS
+ create discrepancies between them. For details on the commands' syntax, see their reference pages in the <emphasis> OpenAFS
Administration Reference</emphasis>.</para>
<indexterm>
<para>The <emphasis>Backup Database</emphasis> is a replicated administrative database maintained by the Backup Server process
on the cell's database server machines. Like the other AFS database server processes, the <emphasis>Backup Server</emphasis>
uses the Ubik utility to keep the various copies of the database synchronized (for a discussion of Ubik, see <link
- linkend="HDRWQ52">Replicating the AFS Administrative Databases</link>).</para>
+ linkend="HDRWQ52">Replicating the OpenAFS Administrative Databases</link>).</para>
<para>The Backup Database records the following information: <itemizedlist>
<listitem>
id</computeroutput> respectively). The <computeroutput>cell</computeroutput> field reports the cell in which the dump
operation was performed, and the <computeroutput>useCount</computeroutput> field reports the number of times the tape has been
relabeled, either with the <emphasis role="bold">backup labeltape</emphasis> command or during a dump operation. For further
- details, see the command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ details, see the command's reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
<para>If the tape has no label, or if the drive is empty, the following message appears at the command shell:</para>
<listitem>
<para>The Backup System cannot determine if the dump set includes any more tapes while running the <emphasis
- role="bold">backup scantape</emphasis> command (the command's reference page in the <emphasis>IBM AFS Administration
+ role="bold">backup scantape</emphasis> command (the command's reference page in the <emphasis>OpenAFS Administration
Reference</emphasis> discusses possible reasons for this problem). When you assign the value <emphasis
role="bold">NO</emphasis>, the Tape Coordinator proceeds as though there are more tapes and invokes the <emphasis
role="bold">MOUNT</emphasis> script named in the device configuration file, or prompts the operator to insert the next
<listitem>
<para>The Backup Server (<emphasis role="bold">buserver</emphasis>) process must be running on database server machines,
- because most backup operations require accessing or changing information in the Backup Database. The <emphasis>IBM AFS
+ because most backup operations require accessing or changing information in the Backup Database. The <emphasis>OpenAFS
Quick Beginnings</emphasis> explains how to configure the Backup Server.</para>
</listitem>
</itemizedlist></para>
<para>For each dump on the tape, the output in the Tape Coordinator window displays the dump label followed by an entry for
each volume. There is no output in the command window. The dump label has the same fields as the tape label displayed by the
<emphasis role="bold">backup readlabel</emphasis> command, as described in <link linkend="HDRWQ272">Writing and Reading Tape
- Labels</link>. Or see the <emphasis>IBM AFS Administration Reference</emphasis> for a detailed description of the fields in
+ Labels</link>. Or see the <emphasis>OpenAFS Administration Reference</emphasis> for a detailed description of the fields in
the output.</para>
<para>The following example shows the dump label and first volume entry on the tape in the device that has port offset
<listitem>
<para>Reports the existence of orphan blocks and other information about the database, as described on the
- <emphasis role="bold">backup dbverify</emphasis> reference page in the <emphasis>IBM AFS Administration
+ <emphasis role="bold">backup dbverify</emphasis> reference page in the <emphasis>OpenAFS Administration
Reference</emphasis>.</para>
</listitem>
</varlistentry>
role="bold">-to</emphasis> argument is equivalent in effect and is simpler because it does not require starting a Tape
Coordinator process as the <emphasis role="bold">backup savedb</emphasis> command does. For further information on the
<emphasis role="bold">-archive</emphasis> argument to the <emphasis role="bold">backup savedb</emphasis> command, see the
- command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ command's reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
<para>If you later need to access deleted dump records, and the corresponding tapes still exist, you can use the <emphasis
role="bold">-dbadd</emphasis> argument to the <emphasis role="bold">backup scantape</emphasis> command to scan their contents
<para>Specifies which individual statistic, group of statistics, or section of statistics to display on the
<computeroutput>File Servers</computeroutput> screen (<emphasis role="bold">fs</emphasis>) or <computeroutput>Cache
Managers</computeroutput> screen (<emphasis role="bold">cm</emphasis>) and the order in which to display them. The
- appendix of <emphasis role="bold">afsmonitor</emphasis> statistics in the <emphasis>IBM AFS Administration
+ appendix of <emphasis role="bold">afsmonitor</emphasis> statistics in the <emphasis>OpenAFS Administration
Guide</emphasis> specifies the group and section to which each statistic belongs. Include as many <emphasis
role="bold">show</emphasis> lines as necessary to customize the screen display as desired, and place them anywhere in
the file. The top-to-bottom order of the <emphasis role="bold">show</emphasis> lines in the configuration file
</orderedlist></para>
<para>For instructions on creating the initial <emphasis role="bold">afs</emphasis> entry and <emphasis
- role="bold">KeyFile</emphasis> files as you install your cell's first server machine, see the IBM AFS Quick
+ role="bold">KeyFile</emphasis> files as you install your cell's first server machine, see the OpenAFS Quick
Beginnings.</para>
</listitem>
<listitem>
<para>You must run the <emphasis role="bold">upserver</emphasis> process on the system control machine and an
<emphasis role="bold">upclientetc</emphasis> process on all other server machines that references the system
- control machine. The IBM AFS Quick Beginnings explains how to install both processes. For instructions on
+ control machine. The OpenAFS Quick Beginnings explains how to install both processes. For instructions on
verifying that the Update Server processes are running, see <link linkend="HDRWQ158">Displaying Process Status and
Information from the BosConfig File</link>.</para>
between this date and the date reported by the <emphasis role="bold">bos listkeys</emphasis> command, because the latter date
changes for any type of change to the <emphasis role="bold">KeyFile</emphasis> file, not just a key addition. For a
description of the other lines in the output from the <emphasis role="bold">kas examine</emphasis> command, see its reference
- page in the IBM AFS Administration Reference.</para>
+ page in the OpenAFS Administration Reference.</para>
<programlisting>
% <emphasis role="bold">kas examine afs -admin admin</emphasis>
</listitem>
</itemizedlist></para>
- <para>To learn how to install the client functionality on a machine, see the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ <para>To learn how to install the client functionality on a machine, see the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<sect1 id="HDRWQ388">
<title>Summary of Instructions</title>
Cache Manager mounts the AFS filespace, the local disk directory to use as the cache, and how many kilobytes to
allocate to the cache.</para>
- <para>The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to create this file as you install a client
+ <para>The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to create this file as you install a client
machine. To change the cache size on a machine that uses a memory cache, edit the file and reboot the machine. On a
machine that uses a disk cache, you can change the cache size without rebooting by issuing the <emphasis
role="bold">fs setcachesize</emphasis> command. For instructions, see <link linkend="HDRWQ394">Determining the Cache
authenticated, and in which the command interpreters (for example, the <emphasis role="bold">bos</emphasis> command)
contact server processes.</para>
- <para>The <emphasis>IBM AFS Quick Beginnings</emphasis> explains how to create this file as you install the AFS client
+ <para>The <emphasis>OpenAFS Quick Beginnings</emphasis> explains how to create this file as you install the AFS client
functionality. To learn about changing a client machine's cell membership, see <link linkend="HDRWQ411">Setting a
Client Machine's Cell Membership</link>.</para>
</listitem>
<listitem>
<para>The AFS initialization script, called <emphasis role="bold">afs.rc</emphasis> on many system types. In the
- conventional configuration specified by the <emphasis>IBM AFS Quick Beginnings</emphasis>, it is a symbolic link to the
+ conventional configuration specified by the <emphasis>OpenAFS Quick Beginnings</emphasis>, it is a symbolic link to the
actual script kept in the same directory as other initialization files used by the operating system. <indexterm>
<primary>dynamic kernel loader programs</primary>
memory from other sources on the machine (number of users and processes). Machines running only a few processes possibly can
use a smaller memory cache.</para>
- <para>AFS imposes an absolute limit on cache size in some versions. See the <emphasis>IBM AFS Release Notes</emphasis> for the
+ <para>AFS imposes an absolute limit on cache size in some versions. See the <emphasis>OpenAFS Release Notes</emphasis> for the
version you are using.</para>
</sect2>
</indexterm>
<para>The Cache Manager determines how big to make the cache by reading the <emphasis
- role="bold">/usr/vice/etc/cacheinfo</emphasis> file as it initializes. As directed in the <emphasis>IBM AFS Quick
+ role="bold">/usr/vice/etc/cacheinfo</emphasis> file as it initializes. As directed in the <emphasis>OpenAFS Quick
Beginnings</emphasis>, you must create the file before running the <emphasis role="bold">afsd</emphasis> program. The file
also defines the directory on which to mount AFS (by convention, <emphasis role="bold">/afs</emphasis>), and the local disk
directory to use for a cache directory.</para>
<para>To change the cache size at reboot without editing the <emphasis role="bold">cacheinfo</emphasis> file, include the
<emphasis role="bold">-blocks</emphasis> argument to the <emphasis role="bold">afsd</emphasis> command; see the command's
- reference page in the IBM AFS Administration Reference.</para>
+ reference page in the OpenAFS Administration Reference.</para>
<para>For a disk cache, you can also use the <emphasis role="bold">fs setcachesize</emphasis> command to reset the cache size
without rebooting. The value you set persists until the next reboot, at which time the cache size returns to the value
and Location</link>. However, if you want to experiment with fine-tuning cache performance, you can use the arguments on the
<emphasis role="bold">afsd</emphasis> command to control several other parameters. This section discusses a few of these
parameters that have the most direct effect on cache performance. To learn more about the <emphasis role="bold">afsd</emphasis>
- command's arguments, see its reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ command's arguments, see its reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
<para>In addition, the AFS initialization script included in the AFS distribution for each system type includes several
variables that set several <emphasis role="bold">afsd</emphasis> arguments in a way that is suitable for client machines of
different sizes and usage patterns. For instructions on using the script most effectively, see the section on configuring the
- Cache Manager in the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ Cache Manager in the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<sect2 id="HDRWQ403">
<title>Setting Cache Configuration Parameters</title>
the <emphasis role="bold">/usr/vice/etc/CellServDB</emphasis> file on the machine's local disk. In addition to the machine's
home cell, you can list any foreign cells that you want to enable users to access. (To enable access to a cell's filespace, you
must also mount its <emphasis role="bold">root.cell</emphasis> volume in the local AFS filespace; the conventional location is
- just under the AFS root directory, <emphasis role="bold">/afs</emphasis>. For instructions, see the <emphasis>IBM AFS Quick
+ just under the AFS root directory, <emphasis role="bold">/afs</emphasis>. For instructions, see the <emphasis>OpenAFS Quick
Beginnings</emphasis>.)</para>
<sect2 id="Header_451">
<para>Because a correct entry in the <emphasis role="bold">CellServDB</emphasis> file is vital for consistent client
performance, you must also update the file on each client machine whenever a cell's list of database server machines changes
- (for instance, when you follow the instructions in the <emphasis>IBM AFS Quick Beginnings</emphasis> to add or remove a
+ (for instance, when you follow the instructions in the <emphasis>OpenAFS Quick Beginnings</emphasis> to add or remove a
database server machine). To facilitate the client updates, you can use the <emphasis role="bold">package</emphasis> program,
which copies files from a central source in AFS to the local disk of client machines. It is conventional to invoke the
<emphasis role="bold">package</emphasis> program in a client machine's AFS initialization file so that it runs as the machine
<listitem>
<para>Specifies the complete Internet domain name of the AFS cell to link to a DCE cell for the purposes of DFS
fileset location. You can use this argument if the machine's AFS users access DFS via the AFS/DFS Migration
- Toolkit Protocol Translator. For instructions, see the <emphasis>IBM AFS/DFS Migration Toolkit Administration
+ Toolkit Protocol Translator. For instructions, see the <emphasis>OpenAFS/DFS Migration Toolkit Administration
Guide and Reference</emphasis>.</para>
</listitem>
</varlistentry>
<para>The Cache Manager assigns preference ranks to a file server machine when it obtains the server's VLDB record from the VL
Server, the first time that it accesses a volume that resides on the machine. If the machine is multihomed, the Cache Manager
assigns a distinct rank to each of its interfaces (up to the number of interfaces that the VLDB can store for each machine,
- which is specified in the <emphasis>IBM AFS Release Notes</emphasis>). The Cache Manager compares the interface's IP address
+ which is specified in the <emphasis>OpenAFS Release Notes</emphasis>). The Cache Manager compares the interface's IP address
to the local machine's address and applies the following algorithm: <itemizedlist>
<listitem>
<para>If the local machine is a file server machine, the base rank for each of its interfaces is 5,000.</para>
described in <link linkend="HDRWQ419">Configuring Client Machines with the package Program</link>.) The link also remains valid
when you upgrade the machine to a new system type.</para>
- <para>Configuration is simplest if you use the system type names that AFS assigns. For a list, see the <emphasis>IBM AFS Release
+ <para>Configuration is simplest if you use the system type names that AFS assigns. For a list, see the <emphasis>OpenAFS Release
Notes</emphasis>.</para>
<para>To display the system name stored in kernel memory, use the <emphasis role="bold">sys</emphasis> or <emphasis
<para>This section assumes that the <emphasis role="bold">package</emphasis>-related files have been installed in three
subdirectories of the <emphasis role="bold">/afs/</emphasis>cellname/<emphasis role="bold">wsadmin</emphasis> directory:
<emphasis role="bold">src</emphasis>, <emphasis role="bold">lib</emphasis> and <emphasis role="bold">etc</emphasis>, as
- recommended in the <emphasis>IBM AFS Quick Beginnings</emphasis>.</para>
+ recommended in the <emphasis>OpenAFS Quick Beginnings</emphasis>.</para>
<para>These directories contain several sample prototype, library, and configuration files, which can help to clarify how the
<emphasis role="bold">package</emphasis> program works. However, they are not necessarily suitable for use in your cell; you
directories, sockets, etc. Each line, called a <emphasis>configuration file instruction</emphasis>, defines a specific
component of disk configuration. The proper syntax for these instructions is briefly described in <link
linkend="HDRWQ429">Package Configuration File Instruction Syntax</link>; see the reference page for the <emphasis
- role="bold">package</emphasis> configuration file in the <emphasis>IBM AFS Administration Reference</emphasis> for detailed
+ role="bold">package</emphasis> configuration file in the <emphasis>OpenAFS Administration Reference</emphasis> for detailed
descriptions.</para>
<para>In this example, the library file contains instructions specific to the configuration of an <emphasis
<para>Within a library file, configuration file instructions are used to define the specific disk configuration. Each
instruction can be used to define a file, directory, socket, or device on the client machine. The syntax for each valid
- instruction type is described briefly here; detailed descriptions of the fields appear in the <emphasis>IBM AFS Command
+ instruction type is described briefly here; detailed descriptions of the fields appear in the <emphasis>OpenAFS Command
Reference Manual</emphasis>. <itemizedlist>
<listitem>
<para><emphasis role="bold">D</emphasis> defines a directory</para>
<para>Determine where the three <emphasis role="bold">package</emphasis>-related subdirectories (<emphasis
role="bold">src</emphasis>, <emphasis role="bold">lib</emphasis> and <emphasis role="bold">etc</emphasis>) reside in your
cell's file tree; the following instructions assume they were loaded into the <emphasis
- role="bold">/afs/</emphasis>cellname<emphasis role="bold">/wsadmin</emphasis> directory, as described in the IBM AFS Quick
+ role="bold">/afs/</emphasis>cellname<emphasis role="bold">/wsadmin</emphasis> directory, as described in the OpenAFS Quick
Beginnings.</para>
</listitem>
<para>To prepare a client to run the <emphasis role="bold">package</emphasis> program automatically, perform the following
steps. The instructions are generic because they do not refer to system-specific configuration files. If desired, you can invoke
- the <emphasis role="bold">package</emphasis> program with specific arguments, as described in the <emphasis>IBM AFS
+ the <emphasis role="bold">package</emphasis> program with specific arguments, as described in the <emphasis>OpenAFS
Administration Reference</emphasis>. <orderedlist>
<listitem>
<para>Specify the configuration file to use.</para>
<para>Using the <emphasis role="bold">-v</emphasis> and <emphasis role="bold">-c</emphasis> options is recommended. The
<emphasis role="bold">-v</emphasis> flag produces a detailed trace, and the <emphasis role="bold">-c</emphasis> option
- appends the system type to the base name of the configuration file. See the <emphasis>IBM AFS Administration
+ appends the system type to the base name of the configuration file. See the <emphasis>OpenAFS Administration
Reference</emphasis> for a description of other options.</para>
<note>
you do not provide this argument. There is no corresponding variable in the template file.</para>
<para>Instruct users to change their passwords to a truly secret string as soon as they authenticate with AFS for
- the first time. The <emphasis>IBM AFS User Guide</emphasis> explains how to use the <emphasis
+ the first time. The <emphasis>OpenAFS User Guide</emphasis> explains how to use the <emphasis
role="bold">kpasswd</emphasis> command to change an AFS password.</para>
</listitem>
</varlistentry>
</programlisting>
<para>For a complete description of the acceptable values in each field, see the <emphasis role="bold">uss Bulk Input
- File</emphasis> reference page in the <emphasis>IBM AFS Administration Reference</emphasis>, or the description of the
+ File</emphasis> reference page in the <emphasis>OpenAFS Administration Reference</emphasis>, or the description of the
corresponding arguments to the <emphasis role="bold">uss add</emphasis> command, in <link linkend="HDRWQ483">To create an AFS
account with the uss add command</link>. Following are some basic notes: <itemizedlist>
<listitem>
</programlisting>
<para>For a complete description of the acceptable values in each field, see the <emphasis role="bold">uss Bulk Input
- File</emphasis> reference page in the <emphasis>IBM AFS Administration Reference</emphasis> or the description of the
+ File</emphasis> reference page in the <emphasis>OpenAFS Administration Reference</emphasis> or the description of the
corresponding arguments to the <emphasis role="bold">uss delete</emphasis> command, in <link linkend="HDRWQ487">To delete an
AFS account</link>. Following are some basic notes: <itemizedlist>
<listitem>
<listitem>
<para>The initial password. Advise the user to change this at the first login, using the password changing
- instructions in the <emphasis>IBM AFS User Guide</emphasis>.</para>
+ instructions in the <emphasis>OpenAFS User Guide</emphasis>.</para>
</listitem>
<listitem>
<para>A persistent user can try to bypass this restriction by changing the password 20 times in quick succession (or
running a script to do so). If you believe this is likely to be a problem, you can include the <emphasis
role="bold">-minhours</emphasis> argument to the <emphasis role="bold">kaserver</emphasis> initialization command (for
- details, see the command's reference page in the <emphasis>IBM AFS Administration Reference</emphasis>. If the user
+ details, see the command's reference page in the <emphasis>OpenAFS Administration Reference</emphasis>. If the user
attempts to change passwords too frequently, the following message appears.</para>
<programlisting>
</itemizedlist></para>
<para>The AFS distribution includes an example <emphasis role="bold">kpwvalid</emphasis> program. See the <emphasis
- role="bold">kpwvalid</emphasis> reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ role="bold">kpwvalid</emphasis> reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
</listitem>
</itemizedlist></para>
<title>Changing AFS Passwords</title>
<para>After setting an initial password during account creation, you normally do not need to change user passwords, since they
- can use the <emphasis role="bold">kpasswd</emphasis> command themselves by following the instructions in the <emphasis>IBM AFS
+ can use the <emphasis role="bold">kpasswd</emphasis> command themselves by following the instructions in the <emphasis>OpenAFS
User Guide</emphasis>. In the rare event that a user forgets the password or otherwise cannot log in, you can use the <emphasis
role="bold">kas setpassword</emphasis> command to set a new password.</para>
restriction that some applications impose. Possible choices for an initial password include the username, a string
of digits from a personal identification number such as the Social Security number, or a standard string such as
<emphasis role="bold">changeme</emphasis>. Instruct the user to change the string to a truly secret password as soon
- as possible by using the <emphasis role="bold">kpasswd</emphasis> command as instructed in the <emphasis>IBM AFS
+ as possible by using the <emphasis role="bold">kpasswd</emphasis> command as instructed in the <emphasis>OpenAFS
User Guide</emphasis>.</para>
</listitem>
</varlistentry>
role="bold">fs listacl</emphasis> command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit,
you can use the command to display the ACL on DFS files and directories. To display a DFS directory's Initial Container and
Initial Object ACL instead of the regular one, include the <emphasis role="bold">fs listacl</emphasis> command's <emphasis
- role="bold">-id</emphasis> or <emphasis role="bold">-if</emphasis> flag. For instructions, see the <emphasis>IBM AFS/DFS
+ role="bold">-id</emphasis> or <emphasis role="bold">-if</emphasis> flag. For instructions, see the <emphasis>OpenAFS/DFS
Migration Toolkit Administration Guide and Reference</emphasis>. The <emphasis role="bold">fs</emphasis> command interpreter
ignores the <emphasis role="bold">-id</emphasis> and <emphasis role="bold">-if</emphasis> flags if you include them when
displaying an AFS ACL. <indexterm>
role="bold">fs setacl</emphasis> command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit,
you can use the command to set the ACL on DFS files and directories. To set a DFS directory's Initial Container and Initial
Object ACL instead of the regular one, include the <emphasis role="bold">fs setacl</emphasis> command's <emphasis
- role="bold">-id</emphasis> or <emphasis role="bold">-if</emphasis> flag. For instructions, see the <emphasis>IBM AFS/DFS
+ role="bold">-id</emphasis> or <emphasis role="bold">-if</emphasis> flag. For instructions, see the <emphasis>OpenAFS/DFS
Migration Toolkit Administration Guide and Reference</emphasis>. The <emphasis role="bold">fs</emphasis> command interpreter
ignores the <emphasis role="bold">-id</emphasis> and <emphasis role="bold">-if</emphasis> flags if you include them when setting
an AFS ACL. <indexterm>
users to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, then you can use the <emphasis role="bold">fs
copyacl</emphasis> command to copy ACLs between DFS files and directories also. The command includes <emphasis
role="bold">-id</emphasis> and <emphasis role="bold">-if</emphasis> flags for altering a DFS directory's Initial Container and
- Initial Object ACLs as well as its regular ACL; see the <emphasis>IBM AFS/DFS Migration Toolkit Administration Guide and
+ Initial Object ACLs as well as its regular ACL; see the <emphasis>OpenAFS/DFS Migration Toolkit Administration Guide and
Reference</emphasis>. You cannot copy ACLs between AFS and DFS directories, because they use different ACL formats. The
<emphasis role="bold">fs</emphasis> command interpreter ignores the <emphasis role="bold">-id</emphasis> and <emphasis
role="bold">-if</emphasis> flags if you include them when copying AFS ACLs. <indexterm>
you issue the <emphasis role="bold">bos create</emphasis> command to create and start the <emphasis
role="bold">fs</emphasis> process on the machine, include the <emphasis role="bold">-implicit</emphasis> argument to the
<emphasis role="bold">fileserver</emphasis> initialization command. For syntax details, see the <emphasis
- role="bold">fileserver</emphasis> reference page in the <emphasis>IBM AFS Administration Reference</emphasis>. You can
+ role="bold">fileserver</emphasis> reference page in the <emphasis>OpenAFS Administration Reference</emphasis>. You can
grant additional permissions, or remove the <emphasis role="bold">l</emphasis> permission. However, the File Server always
implicitly grants the <emphasis role="bold">a</emphasis> permission to members of the group, even if you set the value of
the <emphasis role="bold">-implicit</emphasis> argument to <emphasis role="bold">none</emphasis>.</para>
<para>To act as an NFS/AFS translator machine, a machine must configured as follows: <itemizedlist>
<listitem>
<para>It must be an AFS client. Many system types supported as AFS clients can be translator machines. To learn about
- possible restrictions in a specific release of AFS, see the <emphasis>IBM AFS Release Notes</emphasis>.</para>
+ possible restrictions in a specific release of AFS, see the <emphasis>OpenAFS Release Notes</emphasis>.</para>
</listitem>
<listitem>
using NFS (the latter AFS kernel extensions file generally has the string <emphasis role="bold">nonfs</emphasis> in its name).
A translator machine must use the NFS-enabled version of the AFS extensions file. On some system types, you select the
appropriate file by moving it to a certain location, whereas on other system types you set a variable that results in
- automatic selection of the correct file. See the instructions in the <emphasis>IBM AFS Quick Beginnings</emphasis> for
+ automatic selection of the correct file. See the instructions in the <emphasis>OpenAFS Quick Beginnings</emphasis> for
incorporating AFS into the kernel on each system type.</para>
<para>On many system types, NFS is included in the kernel by default, so it is not necessary to load NFS kernel extensions
explicitly. On system types where you must load NFS extensions, then in general you must load them before loading the AFS
- kernel extensions. The <emphasis>IBM AFS Quick Beginnings</emphasis> describes how to incorporate the AFS initialization
+ kernel extensions. The <emphasis>OpenAFS Quick Beginnings</emphasis> describes how to incorporate the AFS initialization
script into a machine's startup sequence so that it is ordered correctly with respect to the script that handles NFS.</para>
<para>In addition, the AFS extensions must be loaded into the kernel before the <emphasis role="bold">afsd</emphasis> command
daemon), which executes AFS-specific system calls on behalf of NFS clients. For a discussion of the implications of NFS users
issuing AFS commands, see <link linkend="HDRWQ600">Setting the AFSSERVER and AFSCONF Environment Variables</link>.</para>
- <para>The instructions in the IBM AFS Quick Beginnings for configuring the Cache Manager explain how to add options such as
+ <para>The instructions in the OpenAFS Quick Beginnings for configuring the Cache Manager explain how to add options such as
the <emphasis role="bold">-rmtsys</emphasis> flag to the <emphasis role="bold">afsd</emphasis> command in the AFS
initialization script. On many system types, it is simplest to list the flag on the line in the script that defines the
OPTIONS variable. The <emphasis>remote executor daemon</emphasis> does not consume many resources, so it is simplest to add it
<para><anchor id="LIWQ605" />Modify the <emphasis role="bold">afsd</emphasis> command in the AFS initialization file to
include the <emphasis role="bold">-rmtsys</emphasis> flag.</para>
- <para>For system types other than IRIX, the instructions in the <emphasis>IBM AFS Quick Beginnings</emphasis> for
+ <para>For system types other than IRIX, the instructions in the <emphasis>OpenAFS Quick Beginnings</emphasis> for
configuring the Cache Manager explain how to add the <emphasis role="bold">-rmtsys</emphasis> flag, for example by
adding it to the line in the script that defines the value for the OPTIONS variable.</para>
<para>On IRIX systems, the AFS initialization script automatically adds the <emphasis role="bold">-rmtsys</emphasis>
flag if you have activated the <emphasis role="bold">afsxnfs</emphasis> configuration variable as instructed in the
- <emphasis>IBM AFS Quick Beginnings</emphasis> instructions for incorporating AFS extensions into the kernel. If the
+ <emphasis>OpenAFS Quick Beginnings</emphasis> instructions for incorporating AFS extensions into the kernel. If the
variable is not already activated, issue the following command.</para>
<programlisting>
serve, it can be beneficial to add other arguments to the <emphasis role="bold">afsd</emphasis> command in the machine's
initialization file, such as the <emphasis role="bold">-daemons</emphasis> argument to set the number of background
daemons. See <link linkend="HDRWQ387">Administering Client Machines and the Cache Manager</link> and the <emphasis
- role="bold">afsd</emphasis> reference page in the <emphasis>IBM AFS Administration Reference</emphasis>.</para>
+ role="bold">afsd</emphasis> reference page in the <emphasis>OpenAFS Administration Reference</emphasis>.</para>
</listitem>
<listitem>
</itemizedlist></para>
<para>To enable users to issue AFS commands, the NFS client machine must also be a supported system type (one for which AFS
- binaries are available) and able to access the AFS command binaries. The <emphasis>IBM AFS Release Notes</emphasis> list the
+ binaries are available) and able to access the AFS command binaries. The <emphasis>OpenAFS Release Notes</emphasis> list the
supported system types in each release.</para>
<para>In addition, the AFSSERVER and AFSCONF environment variables must be set appropriately, as discussed in <link
the issuer omits the <emphasis role="bold">command_suite</emphasis> portion of the command name.</para>
<para>The <emphasis role="bold">operation_code</emphasis> tells the command interpreter and server process which action to
- perform. Most command suites include several operation codes. The <emphasis>IBM AFS Administration Reference</emphasis>
- describes each operation code in detail, and the <emphasis>IBM AFS Administration Guide</emphasis> describes how to use them
+ perform. Most command suites include several operation codes. The <emphasis>OpenAFS Administration Reference</emphasis>
+ describes each operation code in detail, and the <emphasis>OpenAFS Administration Guide</emphasis> describes how to use them
in the context of performing administrative tasks.</para>
<para>Several AFS commands do not belong to a suite and so their names do not have a <emphasis
role="bold">/vicep</emphasis><replaceable>x</replaceable> or <emphasis
role="bold">/vicep</emphasis><replaceable>xx</replaceable>, where the variable final portion is one or two lowercase
letters. By convention, the first server partition created on a file server machine is called <emphasis
- role="bold">/vicepa</emphasis>, the second <emphasis role="bold">/vicepb</emphasis>, and so on. The <emphasis>IBM AFS Quick
+ role="bold">/vicepa</emphasis>, the second <emphasis role="bold">/vicepb</emphasis>, and so on. The <emphasis>OpenAFS Quick
Beginnings</emphasis> explains how to configure and name a file server machine's partitions in preparation for storing AFS
volumes on them.</para>
<ulink url="c3025.html#HDRWQ118" role="AEN5325">Maintaining the Server CellServDB File</ulink>
</secondaryie>
<secondaryie>importance to Ubik operation,
- <ulink url="c3025.html#HDRWQ102" role="AEN4453">Replicating the AFS Administrative Databases</ulink>
+ <ulink url="c3025.html#HDRWQ102" role="AEN4453">Replicating the OpenAFS Administrative Databases</ulink>
</secondaryie>
<secondaryie>maintaining,
<ulink url="c3025.html#Header_138" role="AEN5295">To display an AFS binary's build level</ulink>
<ulink url="c6449.html#HDRWQ156" role="AEN7037">About Starting and Stopping the Database Server Processes</ulink>
</secondaryie>
<secondaryie>need to run all on every database server machine,
- <ulink url="c3025.html#HDRWQ102" role="AEN4450">Replicating the AFS Administrative Databases</ulink>
+ <ulink url="c3025.html#HDRWQ102" role="AEN4450">Replicating the OpenAFS Administrative Databases</ulink>
</secondaryie>
<secondaryie>restarting after adding entry to server CellServDB file,
<ulink url="c3025.html#HDRWQ120" role="AEN5452">To display a cell's database server machines</ulink>
<ulink url="c667.html#HDRWQ54" role="AEN1884">Configuring Client Machines</ulink>
</secondaryie>
<secondaryie>protecting on file server machine,
- <ulink url="c667.html#HDRWQ52" role="AEN1801">Replicating the AFS Administrative Databases</ulink>
+ <ulink url="c667.html#HDRWQ52" role="AEN1801">Replicating the OpenAFS Administrative Databases</ulink>
</secondaryie>
</indexentry>
<ulink url="c3025.html#HDRWQ109" role="AEN4796">To restore an administrative database</ulink>
</secondaryie>
<secondaryie>protecting directories on local disk,
- <ulink url="c667.html#HDRWQ52" role="AEN1798">Replicating the AFS Administrative Databases</ulink>
+ <ulink url="c667.html#HDRWQ52" role="AEN1798">Replicating the OpenAFS Administrative Databases</ulink>
</secondaryie>
<secondaryie>rebooting,
<ulink url="c3025.html#Header_160" role="AEN6362">To change a server machine's IP addresses</ulink>
<ulink url="c3025.html#HDRWQ101" role="AEN4413">Administering Database Server Machines</ulink>
</secondaryie>
<secondaryie>requirements summarized,
- <ulink url="c3025.html#HDRWQ102" role="AEN4447">Replicating the AFS Administrative Databases</ulink>
+ <ulink url="c3025.html#HDRWQ102" role="AEN4447">Replicating the OpenAFS Administrative Databases</ulink>
</secondaryie>
<secondaryie>server and client portions,
<ulink url="c3025.html#HDRWQ103" role="AEN4499">Configuring the Cell for Proper Ubik Operation</ulink>
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->AFS Administration Guide</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="NEXT"
-TITLE="About This Guide"
-HREF="f24.html"></HEAD
-><BODY
-CLASS="book"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="BOOK"
-><A
-NAME="AEN1"
-></A
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="title"
-><A
-NAME="AEN2"
->AFS Administration Guide</A
-></H1
-><H2
-CLASS="subtitle"
->Version 3.6</H2
-><P
-CLASS="copyright"
->Copyright © 2000 IBM Corporation. All Rights Reserved</P
-><DIV
-><DIV
-CLASS="abstract"
-><A
-NAME="AEN14"
-></A
-><P
->This edition applies to: <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->IBM AFS for AIX, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for Digital Unix, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for HP-UX, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for Linux, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for SGI IRIX, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for Solaris, Version 3.6</TD
-></TR
-></TBODY
-></TABLE
-></P
-><P
->and to all subsequent releases and modifications until otherwise
- indicated in new editions.This softcopy version is based on the printed
- edition of this book. Some formatting amendments have been made to make
- this information more suitable for softcopy.</P
-></DIV
-></DIV
-><HR></DIV
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
-><A
-HREF="f24.html"
->About This Guide</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="f24.html#HDRWQ1"
->Audience and Purpose</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRWQ2"
->Document Organization</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRWQ3"
->How to Use This Document</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRWQ4"
->Related Documents</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRTYPO_CONV"
->Typographical Conventions</A
-></DT
-></DL
-><BR></DD
-><DT
->I. <A
-HREF="p128.html"
->Concepts and Configuration Issues</A
-></DT
-><DD
-><DL
-><DT
->1. <A
-HREF="c130.html"
->An Overview of AFS Administration</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c130.html#HDRWQ6"
->A Broad Overview of AFS</A
-></DT
-><DT
-><A
-HREF="c130.html#HDRWQ7"
->More Detailed Discussions of Some Basic Concepts</A
-></DT
-><DT
-><A
-HREF="c130.html#HDRWQ17"
->AFS Server Processes and the Cache Manager</A
-></DT
-></DL
-><BR></DD
-><DT
->2. <A
-HREF="c667.html"
->Issues in Cell Configuration and Administration</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c667.html#HDRWQ30"
->Differences between AFS and UNIX: A Summary</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ36"
->Participating in the AFS Global Namespace</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ41"
->Configuring Your AFS Filespace</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ51"
->Configuring Server Machines</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ54"
->Configuring Client Machines</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ61"
->Using AFS Protection Groups</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ71"
->Security and Authorization in AFS</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ77"
->Backing Up AFS Data</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ78"
->Using UNIX Remote Services in the AFS Environment</A
-></DT
-><DT
-><A
-HREF="c667.html#HDRWQ79"
->Accessing AFS through NFS</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->II. <A
-HREF="p3023.html"
->Managing File Server Machines</A
-></DT
-><DD
-><DL
-><DT
->3. <A
-HREF="c3025.html"
->Administering Server Machines</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c3025.html#HDRWQ81"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ83"
->Local Disk Files on a Server Machine</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ90"
->The Four Roles for File Server Machines</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ110"
->Installing Server Process Software</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ138"
->Managing Server IP Addresses and VLDB Server Entries</A
-></DT
-><DT
-><A
-HREF="c3025.html#HDRWQ139"
->Rebooting a Server Machine</A
-></DT
-></DL
-><BR></DD
-><DT
->4. <A
-HREF="c6449.html"
->Monitoring and Controlling Server Processes</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c6449.html#HDRWQ143"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ145"
->Brief Descriptions of the AFS Server Processes</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ154"
->Controlling and Checking Process Status</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ158"
->Displaying Process Status and Information from the BosConfig File</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ164"
->Stopping and Starting Processes Permanently</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ167"
->Stopping and Starting Processes Temporarily</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
-></DT
-><DT
-><A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
-></DT
-></DL
-><BR></DD
-><DT
->5. <A
-HREF="c8420.html"
->Managing Volumes</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c8420.html#HDRWQ175"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ177"
->About Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ216"
->Displaying Information About Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ240"
->Dumping and Restoring Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
-></DT
-><DT
-><A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
-></DT
-></DL
-><BR></DD
-><DT
->6. <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c12776.html#HDRWQ249"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ251"
->Introduction to Backup System Features</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ257"
->Overview of Backup System Configuration</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ260"
->Granting Administrative Privilege to Backup Operators</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ267"
->Defining and Displaying the Dump Hierarchy</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
-></DT
-><DT
-><A
-HREF="c12776.html#HDRWQ275"
->Automating and Increasing the Efficiency of the Backup Process</A
-></DT
-></DL
-><BR></DD
-><DT
->7. <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c15383.html#HDRWQ284"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c15383.html#HDRWQ286"
->Using the Backup System's Interfaces</A
-></DT
-><DT
-><A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
-></DT
-><DT
-><A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
-></DT
-><DT
-><A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
-></DT
-><DT
-><A
-HREF="c15383.html#HDRWQ316"
->Maintaining the Backup Database</A
-></DT
-></DL
-><BR></DD
-><DT
->8. <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c18360.html#HDRWQ324"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ326"
->Using the scout Program</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ341"
->Using the fstrace Command Suite</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ349"
->Using the afsmonitor Program</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ351"
->Configuring the afsmonitor Program</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ352"
->Writing afsmonitor Statistics to a File</A
-></DT
-><DT
-><A
-HREF="c18360.html#Header_398"
->To start the afsmonitor Program</A
-></DT
-><DT
-><A
-HREF="c18360.html#Header_399"
->To stop the afsmonitor program</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
-></DT
-><DT
-><A
-HREF="c18360.html#HDRWQ354"
->Auditing AFS Events on AIX File Servers</A
-></DT
-></DL
-><BR></DD
-><DT
->9. <A
-HREF="c20494.html"
->Managing Server Encryption Keys</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c20494.html#HDRWQ356"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c20494.html#HDRWQ358"
->About Server Encryption Keys</A
-></DT
-><DT
-><A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
-></DT
-><DT
-><A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
-></DT
-><DT
-><A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption Keys</A
-></DT
-><DT
-><A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->III. <A
-HREF="p21471.html"
->Managing Client Machines</A
-></DT
-><DD
-><DL
-><DT
->10. <A
-HREF="c21473.html"
->Administering Client Machines and the Cache Manager</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c21473.html#HDRWQ388"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ390"
->Overview of Cache Manager Customization</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ402"
->Setting Other Cache Parameters with the afsd program</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ410"
->Setting the File Server Probe Interval</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
-></DT
-><DT
-><A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
-></DT
-></DL
-><BR></DD
-><DT
->11. <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c23832.html#HDRWQ420"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ422"
->Using the package Program</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ423"
->Package Overview</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ425"
->The package Directory Structure</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ427"
->Example Prototype and Library Files</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ429"
->Package Configuration File Instruction Syntax</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ437"
->Constructing Prototype and Library Files</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ438"
->The Package Makefile File</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ445"
->Modifying the Makefile</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ446"
->Compiling Prototype Files</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ447"
->Modifying Client Machines</A
-></DT
-><DT
-><A
-HREF="c23832.html#HDRWQ448"
->Running the package program</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->IV. <A
-HREF="p24911.html"
->Managing Users and Groups</A
-></DT
-><DD
-><DL
-><DT
->12. <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c24913.html#HDRWQ450"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ452"
->Overview of the uss Command Suite</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ459"
->Converting Existing UNIX Accounts with uss</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template File</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ480"
->Creating Individual Accounts with the uss add Command</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ486"
->Deleting Individual Accounts with the uss delete Command</A
-></DT
-><DT
-><A
-HREF="c24913.html#HDRWQ488"
->Creating and Deleting Multiple Accounts with the uss bulk Command</A
-></DT
-></DL
-><BR></DD
-><DT
->13. <A
-HREF="c27596.html"
->Administering User Accounts</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c27596.html#HDRWQ492"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ494"
->The Components of an AFS User Account</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ495"
->Creating Local Password File Entries</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ498"
->Converting Existing UNIX Accounts</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ515"
->Improving Password and Authentication Security</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ516"
->Changing AFS Passwords</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ518"
->Changing Usernames</A
-></DT
-><DT
-><A
-HREF="c27596.html#HDRWQ524"
->Removing a User Account</A
-></DT
-></DL
-><BR></DD
-><DT
->14. <A
-HREF="c29323.html"
->Administering the Protection Database</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ554"
->Changing a Group's Owner</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ556"
->Changing a Protection Database Entry's Name</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ558"
->Setting Group-Creation Quota</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
-></DT
-><DT
-><A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
-></DT
-></DL
-><BR></DD
-><DT
->15. <A
-HREF="c31274.html"
->Managing Access Control Lists</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c31274.html#HDRWQ563"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ565"
->Protecting Data in AFS</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ577"
->Copying ACLs Between Directories</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ579"
->Removing Obsolete AFS IDs from ACLs</A
-></DT
-><DT
-><A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
-></DT
-></DL
-><BR></DD
-><DT
->16. <A
-HREF="c32432.html"
->Managing Administrative Privilege</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c32432.html#HDRWQ582"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
-></DT
-><DT
-><A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
-></DT
-><DT
-><A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
-></DT
-><DT
-><A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->A. <A
-HREF="a33047.html"
->Managing the NFS/AFS Translator</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33047.html#HDRWQ596"
->Summary of Instructions</A
-></DT
-><DT
-><A
-HREF="a33047.html#HDRWQ598"
->Overview</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33047.html#HDRWQ599"
->Enabling Unauthenticated or Authenticated AFS Access</A
-></DT
-><DT
-><A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
-></DT
-><DT
-><A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a33047.html#HDRWQ603"
->Configuring NFS/AFS Translator Machines</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33047.html#Header_676"
->Loading NFS and AFS Kernel Extensions</A
-></DT
-><DT
-><A
-HREF="a33047.html#HDRRMTSYS"
->Configuring the Translator Machine to Accept AFS Commands</A
-></DT
-><DT
-><A
-HREF="a33047.html#HDRWQ604"
->Controlling Optional Translator Features</A
-></DT
-><DT
-><A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
-></DT
-><DT
-><A
-HREF="a33047.html#Header_680"
->To disable or enable Translator functionality, or set optional features</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a33047.html#HDRWQ606"
->Configuring NFS Client Machines</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33047.html#Header_682"
->To configure an NFS client machine to access AFS</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a33047.html#HDRWQ610"
->Configuring User Accounts</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33047.html#Header_684"
->To configure a user account for issuing AFS commands</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a33047.html#HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33047.html#Header_686"
->To authenticate using the knfs command</A
-></DT
-><DT
-><A
-HREF="a33047.html#Header_687"
->To display tokens using the knfs command</A
-></DT
-><DT
-><A
-HREF="a33047.html#Header_688"
->To discard tokens using the knfs command</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->B. <A
-HREF="a33826.html"
->Using AFS Commands</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33826.html#HDRWQ613"
->AFS Command Syntax</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a33826.html#Header_691"
->Command Names</A
-></DT
-><DT
-><A
-HREF="a33826.html#Header_692"
->Options</A
-></DT
-><DT
-><A
-HREF="a33826.html#Header_693"
->Arguments</A
-></DT
-><DT
-><A
-HREF="a33826.html#Header_694"
->Flags</A
-></DT
-><DT
-><A
-HREF="a33826.html#HDRCOMMAND-EX"
->An Example Command</A
-></DT
-><DT
-><A
-HREF="a33826.html#HDRWQ614"
->Rules for Entering AFS Commands</A
-></DT
-><DT
-><A
-HREF="a33826.html#HDRWQ615"
->Rules for Using Abbreviations and Aliases</A
-></DT
-><DT
-><A
-HREF="a33826.html#HDRWQ616"
->Displaying Online Help for AFS Commands</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->C. <A
-HREF="a34149.html"
->The afsmonitor Program Statistics</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a34149.html#HDRWQ618"
->The Cache Manager Statistics</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a34149.html#Header_708"
->Performance Statistics Section (PerfStats_section)</A
-></DT
-><DT
-><A
-HREF="a34149.html#Header_709"
->Server Up/Down Statistics Section (Server_UpDown_section)</A
-></DT
-><DT
-><A
-HREF="a34149.html#Header_710"
->RPC Operation Measurements Section (RPCop_section)</A
-></DT
-><DT
-><A
-HREF="a34149.html#Header_711"
->Authentication and Replicated File Access Section (Auth_Access_section)</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a34149.html#HDRWQ619"
->The File Server Statistics</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a34149.html#Header_713"
->Performance Statistics Section (PerfStats_section)</A
-></DT
-><DT
-><A
-HREF="a34149.html#Header_714"
->RPC Operations Section (RPCop_section)</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->D. <A
-HREF="a35965.html"
->AIX Audit Events</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a35965.html#HDRWQ621"
->Introduction</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ622"
->Audit-Specific Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ627"
->Volume Server Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ630"
->Backup Server Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ633"
->Protection Server Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ636"
->Authentication Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ639"
->File Server and Cache Manager Interface Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ642"
->BOS Server Events</A
-></DT
-><DT
-><A
-HREF="a35965.html#HDRWQ645"
->Volume Location Server Events</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="i37012.html"
->Index</A
-></DT
-></DL
-><BR></DIV
-><DIV
-CLASS="LOT"
-><DL
-CLASS="LOT"
-><DT
-><B
->List of Tables</B
-></DT
-><DT
->1. <A
-HREF="c667.html#TBLVOL-PREFIX"
->Suggested volume prefixes</A
-></DT
-><DT
->2. <A
-HREF="c667.html#TBLPREFIX-EXAMPLE"
->Example volume-prefixing scheme</A
-></DT
-><DT
->3. <A
-HREF="c24913.html#TBLWQ466"
->Source for values of uss template variables</A
-></DT
-><DT
->4. <A
-HREF="c24913.html#TBLWQ481"
->Command-line argument sources for uss template variables</A
-></DT
-></DL
-></DIV
-><DIV
-CLASS="LOT"
-><DL
-CLASS="LOT"
-><DT
-><B
->List of Figures</B
-></DT
-><DT
->1. <A
-HREF="c8420.html#FIGWQ191"
->File Sharing Between the Read/write Source and a Clone Volume</A
-></DT
-><DT
->2. <A
-HREF="c18360.html#FIGWQ337"
->First example scout display</A
-></DT
-><DT
->3. <A
-HREF="c18360.html#FIGWQ338"
->Second example scout display</A
-></DT
-><DT
->4. <A
-HREF="c18360.html#FIGWQ339"
->Third example scout display</A
-></DT
-><DT
->5. <A
-HREF="c18360.html#FIGWQ340"
->Fourth example scout display</A
-></DT
-><DT
->6. <A
-HREF="c18360.html#Figure_6"
->The afsmonitor System Overview Screen</A
-></DT
-><DT
->7. <A
-HREF="c18360.html#Figure_7"
->The afsmonitor File Servers Screen</A
-></DT
-><DT
->8. <A
-HREF="c18360.html#Figure_8"
->The afsmonitor File Servers Screen Shifted One Page to the Right</A
-></DT
-><DT
->9. <A
-HREF="c18360.html#Figure_9"
->The afsmonitor Cache Managers Screen</A
-></DT
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="f24.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->About This Guide</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Configuring the AFS Backup System</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing Volumes"
-HREF="c8420.html"><LINK
-REL="NEXT"
-TITLE="Backing Up and Restoring AFS Data"
-HREF="c15383.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c8420.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c15383.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ248"
-></A
->Chapter 6. Configuring the AFS Backup System</H1
-><P
->The AFS Backup System helps you to create backup copies of data from AFS volumes and to restore data to the file system if
- it is lost or corrupted. This chapter explains how to configure the Backup System. For instructions on backing up and restoring
- data and displaying dump records, see <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ249"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN12783"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Determine tape capacity and filemark size</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Define Tape Coordinator entry in Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addhost</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove Tape Coordinator entry from Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delhost</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display Tape Coordinator entries from Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listhosts</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create volume set</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolset</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Add volume entry to volume set</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolentry</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->List volume sets and entries</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listvolsets</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete volume set from Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delvolset</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete volume entry from volume set</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delvolentry</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Define dump level</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup adddump</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change expiration date on existing dump level</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup setexp</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete dump level from dump hierarchy</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deldump</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display dump hierarchy</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listdumps</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Label tape</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Read label on tape</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ251"
->Introduction to Backup System Features</A
-></H1
-><P
->The AFS Backup System is highly flexible, enabling you to control most aspects of the backup process, including how often
- backups are performed, which volumes are backed up, and whether to dump all of the data in a volume or just the data that has
- changed since the last dump operation. You can also take advantage of several features that automate much of the backup
- process.</P
-><P
->To administer and use the Backup System most efficiently, it helps to be familiar with its basic features, which are
- described in the following sections. For pointers to instructions for implementing the features as you configure the Backup
- System in your cell, see <A
-HREF="c12776.html#HDRWQ257"
->Overview of Backup System Configuration</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ252"
->Volume Sets and Volume Entries</A
-></H2
-><P
->When you back up AFS data, you specify which data to include in terms of complete volumes rather than individual files.
- More precisely, you define groups of volumes called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume sets</I
-></SPAN
->, each of which includes one or more
- volumes that you want to back up in a single operation. You must include a volume in a volume set to back it up, because the
- command that backs up data (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command) does not accept individual volume
- names.</P
-><P
->A volume set consists of one or more <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume entries</I
-></SPAN
->, each of which specifies which volumes to back
- up based on their location (file server machine and partition) and volume name. You can use a wildcard notation to include all
- volumes that share a location, a common character string in their names, or both.</P
-><P
->For instructions on creating and removing volume sets and volume entries, see <A
-HREF="c12776.html#HDRWQ265"
->Defining and
- Displaying Volume Sets and Volume Entries</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_274"
->Dumps and Dump Sets</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump</I
-></SPAN
-> is the collection of data that results from backing up a volume set. A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->full
- dump</I
-></SPAN
-> includes all of the data in every volume in the volume set, as it exists at the time of the dump operation. An
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->incremental dump</I
-></SPAN
-> includes only some of the data from the volumes in the volume set, namely those files
- and directory structures that have changed since a specified previous dump operation was performed. The previous dump is
- referred to as the incremental dump's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->parent dump</I
-></SPAN
->, and it can be either a full dump or an incremental
- dump itself.</P
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump set</I
-></SPAN
-> is a collection of one or more dumps stored together on one or more tapes. The first
- dump in the dump set is the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->initial dump</I
-></SPAN
->, and any subsequent dump added onto the end of an existing dump
- set is an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->appended dump</I
-></SPAN
->. Appending dumps is always optional, but maximizes use of a tape's capacity. In
- contrast, creating only initial dumps can result in many partially filled tapes, because an initial dump must always start on
- a new tape, but does not necessarily extend to the end of the tape. Appended dumps do not have to be related to one another or
- to the initial dump (they do not have to be dumps of the same or related volume sets), but well-planned appending can reduce
- the number of times you have to change tapes during a restore operation. For example, it can make sense to append incremental
- dumps of a volume set together in a single dump set.</P
-><P
->All the records for a dump set are indexed together in the Backup Database based on the initial dump (for more on the
- Backup Database, see <A
-HREF="c12776.html#HDRWQ256"
->The Backup Database and Backup Server Process</A
->). To delete the database
- record of an appended dump, you must delete the initial dump record, and doing so deletes the records for all dumps in the
- dump set. Similarly, you cannot recycle just one tape in a dump set without deleting the database records of all tapes in the
- dump set.</P
-><P
->For instructions on creating an initial dump, see <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->, and to learn how to
- append dumps, see <A
-HREF="c15383.html#HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump hierarchy</I
-></SPAN
-> is a logical structure that defines the relationship between full and incremental
- dumps; that is, it defines which dump serves as the parent for an incremental dump. Each individual component of a hierarchy
- is a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump level</I
-></SPAN
->. When you create a dump by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
->
- command, you specify a volume set name and a dump level name. The Backup System uses the dump level to determine whether the
- dump is full or incremental, and if incremental, which dump level to use as the parent.</P
-><P
->You can associate an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->expiration date</I
-></SPAN
-> with a dump level, to define when a dump created at that level
- expires. The Backup System refuses to overwrite a tape until all dumps in the dump set to which the tape belongs have expired,
- so assigning expiration dates automatically determines how you recycle tapes. You can define an expiration date either in
- absolute terms (for example, 13 January 2000) or relative terms (for example, 30 days from when the dump is created). You can
- also change the expiration date associated with a dump level (but not with an actual dump that has already been created at
- that level).</P
-><P
->For instructions on creating dump hierarchies, assigning expiration dates, and establishing a tape recycling schedule,
- see <A
-HREF="c12776.html#HDRWQ267"
->Defining and Displaying the Dump Hierarchy</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ253"
->Dump Names and Tape Names</A
-></H2
-><P
->When you create a dump, the Backup System creates a Backup Database record for it, assigning a name comprising the
- volume set name and the last element in the dump level pathname:</P
-><PRE
-CLASS="programlisting"
-> volume_set_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->dump_level_name
-</PRE
-><P
->For example, a dump of the volume set <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
-> at the dump level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday/friday</B
-></SPAN
-> is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.friday</B
-></SPAN
->. The Backup System also assigns a
- unique <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump ID</I
-></SPAN
-> number to the dump to distinguish it from other dumps with the same name that possibly
- exist.</P
-><P
->The Backup System assigns a similar <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->AFS tape name</I
-></SPAN
-> to each tape that contains a dump set, reflecting
- the volume set and dump level of the dump set's initial dump, plus a numerical index of the tape's position in the dump set,
- and a unique dump ID number:</P
-><PRE
-CLASS="programlisting"
-> volume_set_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->dump_level_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->tape_index (dump ID)
-</PRE
-><P
->For example, the second tape in a dump set whose initial dump is of the volume set <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uservol</B
-></SPAN
-> at the dump level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday/friday</B
-></SPAN
-> has AFS tape name like
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uservol.friday.2</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->914382400</B
-></SPAN
->).</P
-><P
->In addition to its AFS tape name, a tape can have an optional <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->permanent name</I
-></SPAN
-> that you assign.
- Unlike the AFS tape name, the permanent name does not have to indicate the volume set and dump level of the initial (or any
- other) dump, and so does not change depending on the contents of the tape. The Backup System does not require a certain format
- for permanent names, so you need to make sure that each tape's name is unique. If a tape has a permanent name, the Backup
- System uses it rather than the AFS tape name when referring to the tape in prompts and the output from most <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands, but still tracks the AFS tape name internally.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ254"
->Tape Labels, Dump Labels, and EOF Markers</A
-></H2
-><P
->Every tape used in the Backup System has a magnetic label at the beginning that records the tape's name, capacity, and
- other information. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to write a label, or the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command creates one automatically if you use an unlabeled tape. The label records
- the following information: <UL
-><LI
-><P
->The tape's permanent name, which you can assign by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command. It can be any string of up to 32 characters. If you do
- not assign a permanent name, the Backup System records the value <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
-> when you
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to assign an AFS tape name, or when you use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command to write a dump to the tape.</P
-></LI
-><LI
-><P
->The tape's AFS <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->tape name</I
-></SPAN
->, which can be one of three types of values: <UL
-><LI
-><P
->A name that reflects the volume set and dump level of the dump set's initial dump and the tape's place in
- the sequence of tapes for the dump set, as described in <A
-HREF="c12776.html#HDRWQ253"
->Dump Names and Tape Names</A
->.
- If the tape does not have a permanent name, you can assign the AFS tape name by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->The value <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
->, which results when you assign a permanent name, or
- provide no value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument.</P
-></LI
-><LI
-><P
->No AFS tape name at all, indicating that you have never labeled the tape or written a dump to it.</P
-></LI
-></UL
-></P
-><P
->If a tape does not already have an actual AFS tape name when you write a dump to it, the Backup System constructs
- and records the appropriate AFS tape name. If the tape does have an AFS tape name and you are writing an initial dump,
- then the name must correctly reflect the dump's volume set and dump level.</P
-></LI
-><LI
-><P
->The capacity, or <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->size</I
-></SPAN
->, of the tape, followed by a letter that indicates the unit of measure
- (<SAMP
-CLASS="computeroutput"
->k</SAMP
-> or <SAMP
-CLASS="computeroutput"
->K</SAMP
-> for kilobytes,
- <SAMP
-CLASS="computeroutput"
->m</SAMP
-> or <SAMP
-CLASS="computeroutput"
->M</SAMP
-> for megabytes,
- <SAMP
-CLASS="computeroutput"
->g</SAMP
-> or <SAMP
-CLASS="computeroutput"
->G</SAMP
-> for gigabytes, or
- <SAMP
-CLASS="computeroutput"
->t</SAMP
-> or <SAMP
-CLASS="computeroutput"
->T</SAMP
-> for terabytes). The tape's manufacturer
- determines the tape's capacity. For further discussion of how the Backup System uses the value in the capacity field,
- see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->.</P
-></LI
-></UL
-></P
-><P
->For information about labeling tapes, see <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->.</P
-><P
->In addition to the tape label, the Backup System writes a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump label</I
-></SPAN
-> on the tape for every appended
- dump (the tape label and dump label are the same for the initial dump). A dump label records the following information:
- <UL
-><LI
-><P
->The name of the tape containing the dump</P
-></LI
-><LI
-><P
->The date and time that the dump operation began</P
-></LI
-><LI
-><P
->The cell to which the volumes in the dump belong</P
-></LI
-><LI
-><P
->The dump's size in kilobytes</P
-></LI
-><LI
-><P
->The dump's dump level</P
-></LI
-><LI
-><P
->The dump's dump ID</P
-></LI
-></UL
-></P
-><P
->The Backup System writes a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->filemark</I
-></SPAN
-> (also called an End-of-File or EOF marker) between the data
- from each volume in a dump. The tape device's manufacturer determines the filemark size, which is typically between 2 KB and 2
- MB; in general, the larger the usual capacity of the tapes that the device uses, the larger the filemark size. If a dump
- contains a small amount of data from each of a large number of volumes, as incremental dumps often do, then the filemark size
- can significantly affect how much volume data fits on the tape. To enable the Backup System to factor in filemark size as it
- writes a dump, you can record the filemark size in a configuration file; see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the
- tapeconfig File</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ255"
->Tape Coordinator Machines, Port Offsets, and Backup Data Files</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Tape Coordinator machine</I
-></SPAN
-> is a machine that drives one or more attached tape devices used for
- backup operations. It must run the AFS client software (the Cache Manager) but reside in a physically secure location to
- prevent unauthorized access to its console. Before backup operations can run on a Tape Coordinator machine, each tape device
- on the machine must be registered in the Backup Database, and certain files and directories must exist on the machine's local
- disk; for instructions, see <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->.</P
-><P
->Each tape device on a Tape Coordinator machine listens for backup requests on a different UNIX port. You pick the port
- indirectly by assigning a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset number</I
-></SPAN
-> to the tape device. The Backup System sets the device's
- actual port by adding the port offset to a base port number that it determines internally. For instructions on assigning port
- offset numbers, see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->.</P
-><P
->For a tape device to perform backup operations, a Backup Tape Coordinator (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->)
- process dedicated to the device must be running actively on the Tape Coordinator machine. You then direct backup requests to
- the device's Tape Coordinator by specifying its port offset number with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
->
- argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command.</P
-><P
->In addition to writing backup data to tape, you can direct it to a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->backup data file</I
-></SPAN
-> on the local
- disk of a Tape Coordinator machine. You can then to transfer the data to a data-archiving system, such as a hierarchical
- storage management (HSM) system, that you use in conjunction with AFS and the Backup System. A backup data file has a port
- offset like a tape device. For instructions on configuring backup data files, see <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a
- Backup Data File</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ256"
->The Backup Database and Backup Server Process</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Backup Database</I
-></SPAN
-> is a replicated administrative database maintained by the Backup Server process
- on the cell's database server machines. Like the other AFS database server processes, the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Backup Server</I
-></SPAN
->
- uses the Ubik utility to keep the various copies of the database synchronized (for a discussion of Ubik, see <A
-HREF="c667.html#HDRWQ52"
->Replicating the AFS Administrative Databases</A
->).</P
-><P
->The Backup Database records the following information: <UL
-><LI
-><P
->The Tape Coordinator machine's hostname and the port offset number for each tape device used for backup
- operations</P
-></LI
-><LI
-><P
->The dump hierarchy, which consists of its component dump levels and their associated expiration dates</P
-></LI
-><LI
-><P
->The volume sets and their component volume entries</P
-></LI
-><LI
-><P
->A record for each dump, which includes the name of each tape it appears on, a list of the volumes from which data
- is included, the dump level, the expiration date, and the dump ID of the initial dump with which the dump is
- associated</P
-></LI
-><LI
-><P
->A record for each tape that houses dumped data</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_280"
->Interfaces to the Backup System</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> suite of commands is the administrative interface to the Backup System. You
- can issue the commands in a command shell (or invoke them in a shell script) on any AFS client or server machine from which
- you can access the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> binary. In the conventional configuration, the binary resides on
- the local disk.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command suite provides an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->interactive mode</I
-></SPAN
->, in which
- you can issue multiple commands over a persistent connection to the Backup Server and the Volume Location (VL) Server.
- Interactive mode has several convenient features, including the following: <UL
-><LI
-><P
->You need to type only the operation code, omitting the initial <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- string.</P
-></LI
-><LI
-><P
->If you assume another AFS identity or specify a foreign cell as you enter interactive mode, it applies to all
- subsequent commands.</P
-></LI
-><LI
-><P
->You do not need to enclose shell metacharacters in double quotes.</P
-></LI
-><LI
-><P
->You can track current and pending operations with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) jobs</B
-></SPAN
-> command,
- which is available only in this mode.</P
-></LI
-><LI
-><P
->You can cancel current and pending operations with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command,
- which is available only in this mode.</P
-></LI
-></UL
-></P
-><P
->Before issuing a command that requires reading or writing a tape (or backup data file), you must also open a connection
- to the Tape Coordinator machine that is attached to the relevant tape device (or that has the backup data file on its local
- disk), and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command to initialize the Tape Coordinator process. The process
- must continue to run and the connection remain open as long as you need to use the tape device or file for backup
- operations.</P
-><P
->For further discussion and instructions, see <A
-HREF="c15383.html#HDRWQ286"
->Using the Backup System's
- Interfaces</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ257"
->Overview of Backup System Configuration</A
-></H1
-><P
->Before you can use the Backup System to back up and restore data, you must configure several of its basic components. The
- indicated sections of this chapter explain how to perform the following configuration tasks: <UL
-><LI
-><P
->Determining a tape's capacity and a tape device's filemark size, and recording them in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file (see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig
- File</A
->)</P
-></LI
-><LI
-><P
->Determining how to grant administrative privilege to backup operators (see <A
-HREF="c12776.html#HDRWQ260"
->Granting
- Administrative Privilege to Backup Operators</A
->)</P
-></LI
-><LI
-><P
->Configuring Tape Coordinator machines, tape devices, and backup data files (see <A
-HREF="c12776.html#HDRWQ261"
->Configuring
- Tape Coordinator Machines and Tape Devices</A
->)</P
-></LI
-><LI
-><P
->Defining volume sets and volume entries (see <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume
- Entries</A
->)</P
-></LI
-><LI
-><P
->Defining dump levels to create a dump hierarchy (see <A
-HREF="c12776.html#HDRWQ267"
->Defining and Displaying the Dump
- Hierarchy</A
->)</P
-></LI
-><LI
-><P
->Labeling tapes (see <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->)</P
-></LI
-><LI
-><P
->Creating a device configuration file to automate the backup process (see <A
-HREF="c12776.html#HDRWQ275"
->Automating and
- Increasing the Efficiency of the Backup Process</A
->)</P
-></LI
-></UL
-></P
-><P
->If you have already configured all of the components required for performing a backup dump or restore operation, you can
- proceed to the instructions in <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
-> and <A
-HREF="c15383.html#HDRWQ306"
->Restoring and
- Recovering Data</A
->.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ258"
->Configuring the tapeconfig File</A
-></H1
-><P
->Several factors interact to determine how much data the Tape Coordinator can fit on a tape: <UL
-><LI
-><P
->The tape's capacity (size), as set by the tape manufacturer.</P
-></LI
-><LI
-><P
->The tape device's filemark size, as set by the tape device's manufacturer. Recall from <A
-HREF="c12776.html#HDRWQ254"
->Tape
- Labels, Dump Labels, and EOF Markers</A
-> that the Tape Coordinator writes a filemark between the data from each volume
- in a dump. If a dump contains a small amount of data from each of a large number of volumes, as incremental dumps often
- do, then the filemark size can significantly affect how much volume data fits on the tape.</P
-></LI
-><LI
-><P
->Whether or not you use the tape device's compression mode.</P
-></LI
-></UL
-></P
-><P
->(The amount of data that can fit in a backup data file is determined by amount of space available on the partition, and
- the operating system's maximum file size. The Tape Coordinator does not write filemarks when writing to a backup data file. For
- further information about configuring a Tape Coordinator to write to a backup data file, see <A
-HREF="c12776.html#HDRWQ282"
->Dumping
- Data to a Backup Data File</A
->.)</P
-><P
->As the Tape Coordinator (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->) process initializes, it reads the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file on its local disk to learn the tape capacity and filemark size (for a
- tape device) or the file size (for a backup data file) to use for dump operations. When you begin a dump operation, the Tape
- Coordinator also reads the tape or backup data file's label to see if you have recorded a different tape capacity or file size.
- If you have, the value on the label overrides the default value from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
->
- file.</P
-><P
->As the Tape Coordinator writes data to a tape during a dump operation, it uses the capacity and filemark information to
- track how much tape it has used and how much remains before the physical end-of-tape (EOT). Shortly before reaching EOT, the
- Tape Coordinator stops writing and requests a new tape. Similarly, it uses a backup data file's size to know when it is about to
- exhaust the space in the file. If the Tape Coordinator reaches the EOT unexpectedly, it recovers by obtaining a new tape and
- writing to it the entire contents of the volume it was writing when it reached EOT. The interrupted volume remains on the first
- tape, but is never used.</P
-><P
->Many tape devices use tapes that can accommodate multiple gigabytes, or even multiple terabytes, of backup data,
- especially if you use the device's compression mode. When writing to such devices and tapes, allowing the Tape Coordinator to
- hit the EOT unexpectedly is generally recommended. The devices write data so quickly that it usually does not take much extra
- time to rewrite the interrupted volume on the new tape. Similarly, they compress data so well that the data abandoned on the
- first tape from the interrupted volume does not constitute a waste of much tape.</P
-><P
->When writing to tapes that accommodate a smaller amount of data (say, less than two GB), it is better to avoid having the
- Tape Coordinator hit EOT unexpectedly. AFS supports volumes up to 2 GB in size, so an interrupted volume can in fact take up
- most of the tape. For such tapes, recording accurate values for tape capacity and filemark size, if possible, helps to maximize
- both use of tape and the efficiency of dump operations. The following discussion of the fields in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file explains how to determine the appropriate values.</P
-><P
->Use a text editor to create an entry in a Tape Coordinator's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file for each
- tape device or backup data file that it uses. Each device or file's entry is on its own line and has the following
- format:</P
-><PRE
-CLASS="programlisting"
-> [capacity filemark_size] device_name port_offset
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->capacity</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the capacity of the tapes used with a tape device, or the amount of data to write into a backup data
- file. Specify an integer value followed by a letter that indicates units, with no intervening space. The letter
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->K</B
-></SPAN
-> indicates kilobytes, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
-> indicates megabytes, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->g</B
-></SPAN
->
- or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> indicates gigabytes, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->t</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->T</B
-></SPAN
-> indicates terabytes. If the units letter is omitted, the default is kilobytes.</P
-><P
->To determine the capacity of a tape under two GB in size that you are going to use in regular (noncompression)
- mode, you can either use the value that the tape's manufacturer specifies on the tape's packaging or use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> command to calculate the capacity, as described later in this section. To avoid having the
- Tape Coordinator reach the EOT unexpectedly, it is best to record in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
->
- file or on the label a capacity that is about 10% smaller than the actual capacity of the tape. To calculate the
- appropriate value for a small tape used in compression mode, one method is to multiply the tape capacity (as recorded by
- the manufacturer) by the device's compression ratio.</P
-><P
->For tapes that hold multiple gigabytes or terabytes of data, or if using a tape drive's compression mode, the
- recommended configuration is to record a value quite a bit (for instance, two times) larger than the maximum amount you
- believe can fit on the tape. It is not generally worthwhile to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> command on
- large tapes, even in noncompression mode. The command definitely does not yield accurate results in compression mode.
- The Tape Coordinator is likely to reach the EOT unexpectedly, but compression mode fits so much data on the tape that
- the data abandoned from an interrupted volume does not represent much of the tape's capacity.</P
-><P
->For a backup data file, record a value slightly smaller than the amount of space available on the partition, and
- definitely smaller than the operating system's maximum file size. It is also best to limit the ability of other
- processes to write to the partition, to prevent them from using up the space in the partition.</P
-><P
->If this field is empty, the Tape Coordinator uses the maximum acceptable value (2048 GB or 2 TB). Either leave
- both this field and the filemark_size field empty, or provide a value in both of them.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->filemark_size</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the tape device's filemark size, which usually falls between 2 KB and 2 MB. Use the same notation as for
- the capacity field, but note that if you omit the units letter, the default unit is bytes rather than kilobytes.</P
-><P
->For a tape device in regular (noncompression) mode, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> command
- to determine filemark size, or use the value reported by the device's manufacturer. To help the Tape Coordinator avoid
- reaching EOT unexpectedly, increase the value by about 10% when recording it in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file.</P
-><P
->The recommended value for a tape device in compression mode is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero). The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> command does not yield accurate results in compression mode, so you cannot use it
- to determine the filemark size.</P
-><P
->The recommended value for a backup data file is also <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero). The Tape
- Coordinator does not use filemarks when writing to a file, but a value must appear in this field nevertheless if there
- is also a value in the capacity field.</P
-><P
->If this field is empty, the Tape Coordinator uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero). Either
- leave both this field and the capacity field empty, or provide a value in both of them.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->device_name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of the tape device or backup data file. The format of tape device names depends on
- the operating system, but on UNIX systems, device names generally begin with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/</B
-></SPAN
->. For a backup data file, this field defines the complete pathname, but for suggestions on
- how to name a backup data file, see <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a Backup Data File</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->port_offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number for a specific tape device or backup data file. Each tape device listens for
- backup requests on a different UNIX port. You pick the port indirectly by recording a value in this field. The Backup
- System sets the device's actual port by adding the port offset to a base port number that it determines
- internally.</P
-><P
->Legal values are the integers <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->58510</B
-></SPAN
->
- (the Backup System can track a maximum of 58,511 port offset numbers). Each value must be unique among the cell's Tape
- Coordinators, but you do not have to assign port offset numbers sequentially, and you can associate any number of them
- with a single machine or even tape device. For example, if you plan to use a device in both compression and
- noncompression mode, assign it two different port offsets with appropriate tape capacity and filemark values for the
- different modes.</P
-><P
->Assign port offset <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) to the Tape Coordinator for the tape device or backup
- data file that you use most often for backup operations; doing so enables you to omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> argument from the largest possible number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- commands.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file includes entries for two tape devices, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/rmt0h</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/rmt1h</B
-></SPAN
->. Each one uses tapes with a capacity of 2 GB
- and has a filemark size of 1 MB. Their port offset numbers are <SAMP
-CLASS="computeroutput"
->0</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->1</SAMP
->.</P
-><PRE
-CLASS="programlisting"
-> 2g 1m /dev/rmt0h 0
- 2G 1M /dev/rmt1h 1
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> command reports the capacity of the tape you have inserted and the tape device's
- filemark size, both on the standard output stream (stdout) and in its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms.log</B
-></SPAN
-> file, which it
- writes in the current working directory. The command interpreter must write data to the entire tape, so running the command can
- take from several hours to more than a day, depending on the size of the tape.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ259"
->To run the fms command on a noncompressing tape device</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->If an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms.log</B
-></SPAN
-> file does not already exist in the current directory, verify that you
- can insert and write to files in the current directory. If the log file already exists, you must be able to write to the
- file.</P
-></LI
-><LI
-><P
->Insert a tape into the drive. Running the command completely overwrites the tape, so use a blank tape or one that
- you want to recycle.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape special file</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tape special file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the tape device's UNIX device name, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/rmt0h</B
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The following example output reports that the tape in the device with device name <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/rmt0h</B
-></SPAN
-> has a capacity of 2136604672 bytes (about 2 GB), and that the device's filemark size is
- 1910205 bytes (close to 2 MB).</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms /dev/rmt0h</B
-></SPAN
->
- wrote block: 130408
- Finished data capacity test - rewinding
- wrote 1109 blocks, 1109 file marks
- Finished file mark test
- Tape capacity is 2136604672 bytes
- File marks are 1910205 bytes
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ260"
->Granting Administrative Privilege to Backup Operators</A
-></H1
-><P
->Each person who issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> commands in
- your cell must be listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file on every database server machine
- that stores the Backup Database and Volume Location Database (VLDB), and every machine that houses a volume included in a volume
- set. By convention, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file is the same on every server machine in the cell; the
- instructions in this document assume that your cell is configured in this way. To edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos adduser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- removeuser</B
-></SPAN
-> commands as described in <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->.</P
-><P
->In addition to being listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file, backup operators who issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command must be able to write to the files stored in each Tape Coordinator machine's local
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory, which are protected by UNIX mode bits. Before configuring your
- cell's first Tape Coordinator machine, decide which local user and group to designate as the owner of the directory and the
- files in it. Among the possible ownership options are the following: <UL
-><LI
-><P
->The local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. With this option, the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command must log onto the local file system as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. If the Tape Coordinator is also a server machine, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> flag is used on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command to construct a server
- ticket from the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file. On non-server machine, the issuer must
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate as an AFS administrator while logged in as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->A single AFS administrator. Logging in and authenticating are a single step if an AFS-modified login utility is
- used. The administrator is the only user who can start the Tape Coordinator.</P
-></LI
-><LI
-><P
->An administrative account for which several operators know the password. This allows them all to start the Tape
- Coordinator.</P
-></LI
-></UL
-></P
-><P
->Another option is to define a group in the local group file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/group</B
-></SPAN
-> or equivalent) to
- which all backup operators belong. Then turn on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> mode bit (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-> permission) in the group mode bits rather than the user mode bits of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory and files in it. An advantage over the methods listed previously is that each
- operator can retain an individual administrative account for finer granularity in auditing.</P
-><P
->For instructions on implementing your choice of protection methods, see <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape
- Coordinator Machines and Tape Devices</A
->.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
-></H1
-><P
->This section explains how to configure a machine as a Tape Coordinator machine, and how to configure or remove the Tape
- Coordinator associated with a single tape device or backup data file.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->When configuring a tape device attached to an AIX system, you must set the device's tape block size to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) to indicate variable block size. If you do not, it is possible that devices attached to
- machines of other system types cannot read the tapes made on the AIX system. Use the AIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smit</B
-></SPAN
->
- program to verify or change the value of the tape block size for a tape device, as instructed in Sep <A
-HREF="c12776.html#LIWQ263"
->3</A
->.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ262"
->To configure a Tape Coordinator machine</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ263"
-></A
->Install one or more tape devices on the Tape Coordinator machine according to the
- manufacturer's instructions. The Backup System can track a maximum of 58,511 tape devices or backup data files per
- cell.</P
-><P
->If the Tape Coordinator machine is an AIX system, issue the following command to change the tape device's tape block
- size to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero), which indicates variable block size. Repeat for each tape
- device.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chdev -l '</B
-></SPAN
->device_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->' -a block_size='0'</B
-></SPAN
->
-</PRE
-><P
->where device_name is the tape device's device name (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/rmt0h</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->Verify that the binary files for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->,
- and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fms</B
-></SPAN
-> commands are available on the local disk. If the machine is an AFS client, the
- conventional location is the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc</B
-></SPAN
-> directory. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls /usr/afsws/etc</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
-> directory. (If the Tape Coordinator machine is also configured
- as a file server machine, this directory already exists.) Then create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- directory. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkdir /usr/afs</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkdir /usr/afs/backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Use a text editor to create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file. Include a single
- line for each tape device or backup data file, specifying the following information in the indicated order. For syntax
- details and suggestions on the values to use in each field, see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig
- File</A
->. <UL
-><LI
-><P
->The capacity of tapes to be used in the device, or the size of the backup data file</P
-></LI
-><LI
-><P
->The device's filemark size</P
-></LI
-><LI
-><P
->The device's device name, starting with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/</B
-></SPAN
-></P
-></LI
-><LI
-><P
->The device's port offset number</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Decide which user and group are to own the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file, based on the suggestions in <A
-HREF="c12776.html#HDRWQ260"
->Granting
- Administrative Privilege to Backup Operators</A
->. Correct the UNIX mode bits on the directory and file, if necessary.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> admin_owner <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> admin_owner <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chgrp</B
-></SPAN
-> admin_group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chgrp</B
-></SPAN
-> admin_group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod 774 /usr/afs/backup</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod 664 /usr/afs/backup/tapeconfig</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LICONFTC-ADDHOST"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addhost</B
-></SPAN
-> command to create a Tape
- Coordinator entry in the Backup Database. Repeat the command for each Tape Coordinator. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addhost</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->TC port offset</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addh</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addhost</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tape machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the Tape Coordinator machine's fully qualified hostname.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the tape device's port offset number. Provide the same value as you specified for the device in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file. You must provide this argument unless the default value of 0
- (zero) is appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_287"
->To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Install the tape device on the Tape Coordinator machine according to the manufacturer's instructions.</P
-><P
->If the Tape Coordinator machine is an AIX system, issue the following command to change the tape device's tape block
- size to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero), which indicates variable block size.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chdev -l '</B
-></SPAN
->device_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->' -a block_size='0'</B
-></SPAN
->
-</PRE
-></LI
-><LI
-><P
->Choose the port offset number to assign to the tape device. If necessary, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- listhosts</B
-></SPAN
-> command to display the port offset numbers that are already used; for a discussion of the output, see
- <A
-HREF="c12776.html#HDRWQ264"
->To display the list of configured Tape Coordinators</A
->. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listhosts</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listh</B
-></SPAN
-> is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listhosts</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Use a text editor to add one or more entries for the device to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file. Specify the following information in the indicated order. For
- syntax details and suggestions on the values to use in each field, see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig
- File</A
->. <UL
-><LI
-><P
->The capacity of tapes to be used in the device, or the size of the backup data file</P
-></LI
-><LI
-><P
->The device's filemark size</P
-></LI
-><LI
-><P
->The device's device name, starting with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/</B
-></SPAN
-></P
-></LI
-><LI
-><P
->The device's port offset number</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addhost</B
-></SPAN
-> command to create an entry in the Backup Database for the
- Tape Coordinator. For complete syntax, see Step <A
-HREF="c12776.html#LICONFTC-ADDHOST"
->8</A
-> in <A
-HREF="c12776.html#HDRWQ262"
->To
- configure a Tape Coordinator machine</A
->. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addhost</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->TC port offset</VAR
->>]
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_288"
->To unconfigure a Tape Coordinator</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Using a text editor, remove each of the Tape Coordinator's entries from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delhost</B
-></SPAN
-> command to delete the Tape Coordinator's Backup Database
- entry. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delhost</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->TC port offset</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delh</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delhost</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tape machine name</B
-></SPAN
-></DT
-><DD
-><P
->Is the complete Internet host name of the Tape Coordinator machine.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Is the same port offset number removed from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file. You must
- provide this argument unless the default value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ264"
->To display the list of configured Tape Coordinators</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listhosts</B
-></SPAN
-> command to list the Tape Coordinators and port offset
- numbers currently configured in the Backup Database. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listhosts</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listh</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listhosts</B
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output lists each Tape Coordinator machine and the port offset numbers currently allocated to it in the Backup
- Database. The appearance of a port offset number does not imply that the associated Tape Coordinator is actually running.
- Machine names appear in the format in which they were specified with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addhost</B
-></SPAN
->
- command.</P
-><P
->The following example output lists the Tape Coordinators currently defined in the Backup Database of the ABC Corporation
- cell:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listhosts</B
-></SPAN
->
- Tape hosts:
- Host backup1.abc.com, port offset 0
- Host backup1.abc.com, port offset 2
- Host backup2.abc.com, port offset 1
- Host backup2.abc.com, port offset 3
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
-></H1
-><P
->The Backup System handles data at the level of volumes rather than individual files. You must define groups of volumes
- called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume sets</I
-></SPAN
-> before performing backup operations, by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- addvolset</B
-></SPAN
-> command. A volume set name can be up to 31 characters long and can include any character other than the
- period (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->), but avoid using metacharacters that have special meanings to the shell.</P
-><P
->After creating a volume set, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolentry</B
-></SPAN
-> command to place one or more
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume entries</I
-></SPAN
-> in it. They define the volumes that belong to it in terms of their location (file server
- machine and partition) and name. Use the command's required <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument to designate the
- file server machine that houses the volumes of interest and its required <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument to
- designate the partition. Two types of values are acceptable: <UL
-><LI
-><P
->The fully qualified hostname of one machine or full name of one partition (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepm</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->The regular expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> (period and asterisk), which matches every machine name
- or partition name in the VLDB</P
-></LI
-></UL
-></P
-><P
->For the volume name (the required <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument), specify a combination of
- alphanumeric characters and one or more metacharacters to specify part or all of the volume name with a wildcard. You can use
- any of the following metacharacters in the volume name field: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></DT
-><DD
-><P
->The period matches any single character.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
-></DT
-><DD
-><P
->The asterisk matches zero or more instances of the preceding character. Combine it with any other alphanumeric
- character or metacharacter.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[ ]</B
-></SPAN
-></DT
-><DD
-><P
->Square brackets around a list of characters match a single instance of any of the characters, but no other
- characters; for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[abc]</B
-></SPAN
-> matches a single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->b</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->c</B
-></SPAN
->, but not <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
->. You can combine this expression with the asterisk.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->^</B
-></SPAN
-></DT
-><DD
-><P
->The caret, when used as the first character in a square-bracketed set, designates a match with any single
- character other than the characters that follow it; for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[^a]</B
-></SPAN
-> matches any
- single character except lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->. You can combine this expression with the
- asterisk.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\</B
-></SPAN
-></DT
-><DD
-><P
->A backslash preceding any of the metacharacters in this list makes it match its literal value only. For example,
- the expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\.</B
-></SPAN
-> (backslash and period) matches a single period, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\*</B
-></SPAN
-> matches a single asterisk, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\\</B
-></SPAN
-> matches a single backslash.
- You can combine such expressions with the asterisk (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\.*</B
-></SPAN
-> matches any number
- of periods).</P
-></DD
-></DL
-></DIV
-></P
-><P
->Perhaps the most common regular expression is the period followed by an asterisk (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
->).
- This expression matches any string of any length, because the period matches any character and the asterisk means any number of
- that character. As mentioned, it is the only acceptable regular expression in the file server and partition fields of a volume
- entry. In the volume name field, it can stand alone (in which case it matches every volume listed in the VLDB), or can combine
- with alphanumeric characters. For example, the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.*\.backup</B
-></SPAN
-> matches any volume name
- that begins with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
-> and ends with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
->.</P
-><P
->Issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolentry</B
-></SPAN
-> command in interactive mode is simplest. If you issue it
- at the shell prompt, you must surround any string that includes a regular expression with double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"
- "</B
-></SPAN
->) so that the shell passes them uninterpreted to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter
- rather than resolving them.</P
-><P
->To define various combinations of volumes, provide the following types of values for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- addvolentry</B
-></SPAN
-> command's three arguments. The list uses the notation appropriate for interactive mode; if you issue the
- command at the shell prompt instead, place double quotes around any string that includes a regular expression. To create a
- volume entry that includes: <UL
-><LI
-><P
->All volumes listed in the VLDB, use the regular expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> for all three
- arguments (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server .* -partition .* -volume .*</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->Every volume on a specific file server machine, specify its fully qualified hostname as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument and use the regular expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> and -<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume</B
-></SPAN
-> arguments (for example: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server fs1.abc.com -partition .* -volume .*</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->All volumes that reside on a partition with the same name on various file server machines, specify the complete
- partition name as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument and use the regular expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
->
- arguments (for example: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server .* -partition /vicepd -volume .*</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->Every volume with a common string in its name, use the regular expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> for
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments, and provide a
- combination of alphanumeric characters and metacharacters as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument (for
- example: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server .* -partition .* -volume .*\.backup</B
-></SPAN
-> includes all volumes whose names end
- in the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->All volumes on one partition, specify the machine's fully qualified hostname as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument and the full partition name as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->
- argument, and use the regular expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument (for example: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server fs2.abc.com -partition /vicepb -volume
- .*</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->A single volume, specify its complete name as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument. To bypass the
- potentially time-consuming search through the VLDB for matching entries, you can specify an actual machine and partition
- name for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments
- respectively. However, if it is possible that you need to move the volume in future, it is best to use the regular
- expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> for the machine and partition name.</P
-></LI
-></UL
-></P
-><P
->As you create volume sets, define groups of volumes you want to dump to the same tape at the same time (for example,
- weekly or daily) and in the same manner (fully or incrementally). In general, a volume set that includes volumes with similar
- contents (as indicated by similar names) is more useful than one that includes volumes that share a common location, especially
- if you often move volumes for load-balancing or space reasons. Most often, then, it is appropriate to use the regular expression
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> (period followed by a backslash) for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolentry</B
-></SPAN
-> command.</P
-><P
->It is generally more efficient to include a limited number of volumes in a volume entry. Dumps of a volume set that
- includes a large number of volume can take a long time to complete, increasing the possibility that the operation fails due to a
- service interruption or outage.</P
-><P
->To remove a volume entry from a volume set, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delvolentry</B
-></SPAN
-> command. To remove
- a volume set and all of its component volume entries from the Backup Database, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- delvolset</B
-></SPAN
-> command. To display the volume entries in a volume set, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- listvolsets</B
-></SPAN
-> command.</P
-><P
->By default, a Backup Database record is created for the new volume set. Sometimes it is convenient to create volume sets
- without recording them permanently in the Backup Database, for example when using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volsetrestore</B
-></SPAN
-> command to restore a group of volumes that were not necessarily backed up together (for further
- discussion, see <A
-HREF="c15383.html#HDRWQ312"
->Using the backup volsetrestore Command</A
->). To create a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->temporary</I
-></SPAN
-> volume set, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolset</B
-></SPAN
-> command. A temporary volume set exists only during the lifetime of the current
- interactive session, so the flag is effective only when used during an interactive session (opened by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup (interactive)</B
-></SPAN
-> command). You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delvolset</B
-></SPAN
-> command
- to delete a temporary volume set before the interactive session ends, if you wish, but as noted it is automatically deleted when
- you end the session. One advantage of temporary volume sets is that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolset</B
-></SPAN
->
- command, and any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolentry</B
-></SPAN
-> commands subsequently used to add volume entries to it,
- complete more quickly than for regular volume sets, because you are not creating any Backup Database records.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_291"
->To create a volume set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode. If you are going to define volume entries right away with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- addvolentry</B
-></SPAN
-> command, this eliminates the need to surround metacharacter expressions with double quotes. You
- must enter interactive mode if creating a temporary volume set. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) addvolset</B
-></SPAN
-> command to create the volume set. You must then issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) addvolentry</B
-></SPAN
-> command to define volume entries in it. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolset</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume set name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvols</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolset</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume set name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume set. The name can include no more than 31 characters, cannot include periods, and must be
- unique within the Backup Database. (A temporary volume set can have the same name as an existing permanent volume
- set, but this is not recommended because of the confusion it can cause.)</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
-></DT
-><DD
-><P
->Creates a temporary volume set, which exists only during the current interactive session.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_292"
->To add a volume entry to a volume set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode if you have not already. This makes it simpler to use metacharacter expressions, because you do not need
- to surround them with double quotes. If you are adding entries to a temporary volume set, you must already have entered
- interactive mode before creating the volume set. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) addvolentry</B
-></SPAN
-> command to define volume entries in an existing
- volume set. The Backup System assigns each volume entry an index within the volume set, starting with 1 (one).
- <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolentry -name</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume set name</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volumes</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name (regular expression)</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvole</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolentry</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume set to which to add the volume entry. It must already exist (use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolset</B
-></SPAN
-> command to create it).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Defines the set of one or more file server machines that house the volumes in the volume entry. Provide
- either one fully-qualified hostname (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->) or the metacharacter
- expression <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> (period and asterisk), which matches all machine names in the
- VLDB.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Defines the set of one or more partitions that house the volumes in the volume entry. Provide either one
- complete partition name (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
->) or the metacharacter expression
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
-> (period and asterisk), which matches all partition names.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volumes</B
-></SPAN
-></DT
-><DD
-><P
->Defines the set of one or more volumes included in the volume entry, identifying them by name. This argument
- can include a combination of alphanumeric characters and one or more of the metacharacter expressions discussed in
- the introductory material in this section.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ266"
->To display volume sets and volume entries</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listvolsets</B
-></SPAN
-> command to display the volume entries in a specific
- volume set or all of them. If you are displaying a temporary volume set, you must still be in the interactive session in
- which you created it. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listvolsets</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->volume set name</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listv</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvolsets</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume set name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume set to display. Omit this argument to display all defined volume sets.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The output from the command uses the wildcard notation used when the volume entries were created. The string
- <SAMP
-CLASS="computeroutput"
->(temporary)</SAMP
-> marks a temporary volume set. The following example displays all three of the
- volume sets defined in a cell's Backup Database, plus a temporary volume set <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat+jones</B
-></SPAN
->
- created during the current interactive session:</P
-><PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listv</B
-></SPAN
->
- Volume set pat+jones (temporary):
- Entry 1: server fs1.abc.com, partition /vicepe, volumes: user.pat.backup
- Entry 2: server fs5.abc.com, partition /viceph, volumes: user.jones.backup
- Volume set user:
- Entry 1: server .*, partition .*, volumes: user.*\.backup
- Volume set sun:
- Entry 1: server .*, partition .*, volumes: sun4x_55\..*
- Entry 2: server .*, partition .*, volumes: sun4x_56\..*
- Volume set rs:
- Entry 1: server .*, partition .*, volumes: rs_aix42\..*
-</PRE
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_294"
->To delete a volume set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delvolset</B
-></SPAN
-> command to delete one or more volume sets and all of the
- component volume entries in them. If you are deleting a temporary volume set, you must still be in the interactive session
- in which you created it. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup delvolset</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume set name</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvols</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolset</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume set name</B
-></SPAN
-></DT
-><DD
-><P
->Names each volume set to delete.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_295"
->To delete a volume entry from a volume set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->If the volume set includes more than one volume entry, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup)
- listvolsets</B
-></SPAN
-> command to display the index number associated with each one (if there is only one volume entry,
- its index is 1). For a more detailed description of the command's output, see <A
-HREF="c12776.html#HDRWQ266"
->To display volume
- sets and volume entries</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvolsets</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume set name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listv</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvolsets</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume set name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume set for which to display volume entries.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) delvolentry</B
-></SPAN
-> command to delete the volume entry. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolentry</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume set name</VAR
->> <<VAR
-CLASS="replaceable"
->volume entry index</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvole</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolentry</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume set name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume set from which to delete a volume entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume entry index</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the index number of the volume entry to delete.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ267"
->Defining and Displaying the Dump Hierarchy</A
-></H1
-><P
->A dump hierarchy is a logical structure in the Backup Database that defines the relationship between full and incremental
- dumps; that is, it defines which dump serves as the parent for an incremental dump. Each individual component of a hierarchy is
- a dump level.</P
-><P
->As you define dump levels with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup adddump</B
-></SPAN
-> command, keep the following rules and
- suggestions in mind: <UL
-><LI
-><P
->Each full dump level is the top level of a hierarchy. You can create as many hierarchies as you need to dump
- different volume sets on different schedules.</P
-></LI
-><LI
-><P
->The name of a full dump level consists of an initial slash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->), followed by a
- string of up to 28 alphanumeric characters.</P
-></LI
-><LI
-><P
->The name of an incremental dump level resembles a pathname, starting with the name of a full dump level, then the
- first incremental level, and so on, down to the final incremental level. Precede each level name with a slash to separate
- it from the preceding level. Like the full level, each component level in the name can have up to 28 alphanumeric
- characters, not including the slash.</P
-></LI
-><LI
-><P
->A hierarchy can have any have any number of levels, but the maximum length of a complete dump level name is 256
- characters, including the slashes.</P
-></LI
-><LI
-><P
->Before defining a given incremental level, you must define all of the levels above it in the hierarchy.</P
-></LI
-><LI
-><P
->Do not use the period (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->) in dump level names. The Backup System uses the period as
- the separator between a dump's volume set name and dump level name when it creates the dump name and AFS tape name. Any
- other alphanumeric and punctuation characters are allowed, but it is best to avoid metacharacters. If you include a
- metacharacter, you must precede it with a backslash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\</B
-></SPAN
->) or surround the entire dump level
- name with double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->Naming dump levels for days or other actual time points reminds you when to perform dumps, and makes it easier to
- track the relationship between dumps performed at different levels. However, the names have no meaning to the Backup
- System: it does not automatically create dumps according to the names, and does not prevent you from, for example, using
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday</B
-></SPAN
-> level when creating a dump on a Tuesday.</P
-></LI
-><LI
-><P
->It is best not to use the same name for more than one component level in a hierarchy, because it means the resulting
- dump name no longer indicates which level was used. For example, if you name a dump level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/full/incr/incr</B
-></SPAN
->, then the dump name and AFS tape name that result from dumping a volume set at the
- first incremental level (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/full/incr</B
-></SPAN
->) look the same as the names that result from dumping
- at the second incremental level (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/full/incr/incr</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->Individual levels in different hierarchies can have the same name, but the complete pathnames must be unique. For
- example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday1/monday</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday2/monday</B
-></SPAN
-> share the
- same name at the final level, but are unique because they have different names at the full level (belong to different
- hierarchies). However, using the same name in multiple hierarchies means that dump and AFS tape names do not unambiguously
- indicate which hierarchy was used.</P
-></LI
-></UL
-></P
-><P
->The following example shows three hierarchies. Each begins with a full dump at the top: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sunday1</B
-></SPAN
-> for the first hierarchy, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sunday2</B
-></SPAN
-> for the second hierarchy, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sunday_bin</B
-></SPAN
-> for the third hierarchy. In all three hierarchies, each of the other dump levels is
- an incremental level.</P
-><PRE
-CLASS="programlisting"
-> /sunday1
- /monday
- /tuesday
- /wednesday
- /thursday
- /friday
- /sunday2
- /monday
- /tuesday
- /wednesday
- /thursday
- /friday
- /sunday_bin
- /monday
- /wednesday
- /friday
-</PRE
-><P
->In the first hierarchy, each incremental dump level refers to the full level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday1</B
-></SPAN
-> as
- its parent. When (for example) you dump a volume set at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday1/wednesday</B
-></SPAN
-> level, it
- includes data that has changed since the volume set was dumped at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday1</B
-></SPAN
-> level.</P
-><P
->In contrast, each incremental dump level in the second hierarchy refers to the immediately preceding dump level as its
- parent. When you dump a volume set at the corresponding level in the second hierarchy (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday2/monday/tuesday/wednesday</B
-></SPAN
->), the dump includes only data that has changed since the volume set was
- dumped at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday2/monday/tuesday</B
-></SPAN
-> level (presumably the day before). Assuming you create
- dumps on the indicated days, an incremental dump made using this hierarchy contains less data than an incremental dump made at
- the corresponding level in the first hierarchy.</P
-><P
->The third hierarchy is more appropriate for dumping volumes for which a daily backup is excessive because the data does
- not change often (for example, system binaries).</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ268"
->Creating a Tape Recycling Schedule</A
-></H2
-><P
->If your cell is like most cells, you have a limited amount of room for storing backup tapes and a limited budget for new
- tapes. The easiest solution is to recycle tapes by overwriting them when you no longer need the backup data on them. The
- Backup System helps you implement a recycling schedule by enabling you to associate an expiration date with each dump level.
- The expiration date defines when a dump created at that level expires. Until that time the Backup System refuses to overwrite
- a tape that contains the dump. Thus, assigning expiration dates automatically determines how you recycle tapes.</P
-><P
->When designing a tape-recycling schedule, you must decide how far in the past and to what level of precision you want to
- guarantee access to backed up data. For instance, if you decide to guarantee that you can restore a user's home volume to its
- state on any given day in the last two weeks, you cannot recycle the tape that contains a given daily dump for at least two
- weeks after you create it. Similarly, if you decide to guarantee that you can restore home volumes to their state at the
- beginning of any given week in the last month, you cannot recycle the tapes in a dump set containing a weekly dump for at
- least four weeks. The following example dump hierarchy implements this recycling schedule by setting the expiration date for
- each daily incremental dump to 13 days and the expiration date of the weekly full dumps to 27 days.</P
-><P
->The tapes used to store dumps created at the daily incremental levels in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday1</B
-></SPAN
->
- hierarchy expire just in time to be recycled for daily dumps in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday3</B
-></SPAN
-> hierarchy (and
- vice versa), and there is a similar relationship between the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday2</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday4</B
-></SPAN
-> hierarchies. Similarly, the tape that houses a full dump at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sunday1</B
-></SPAN
-> level expires just in time to be used for a full dump on the first Sunday of the following
- month.</P
-><PRE
-CLASS="programlisting"
-> /sunday1 expires in 27d
- /monday1 expires in 13d
- /tuesday1 expires in 13d
- /wednesday1 expires in 13d
- /thursday1 expires in 13d
- /friday1 expires in 13d
- /sunday2 expires in 27d
- /monday2 expires in 13d
- /tuesday2 expires in 13d
- /wednesday2 expires in 13d
- /thursday2 expires in 13d
- /friday2 expires in 13d
- /sunday3 expires in 27d
- /monday1 expires in 13d
- /tuesday1 expires in 13d
- /wednesday1 expires in 13d
- /thursday1 expires in 13d
- /friday1 expires in 13d
- /sunday4 expires in 27d
- /monday2 expires in 13d
- /tuesday2 expires in 13d
- /wednesday2 expires in 13d
- /thursday2 expires in 13d
- /friday2 expires in 13d
-</PRE
-><P
->If you use appended dumps in your cell, keep in mind that all dumps in a dump set are subject to the latest (furthest
- into the future) expiration date associated with any of the constituent dumps. You cannot recycle any of the tapes that
- contain a dump set until all of the dumps have reached their expiration date. See also <A
-HREF="c15383.html#HDRWQ299"
->Appending
- Dumps to an Existing Dump Set</A
->.</P
-><P
->Most tape manufacturers recommend that you write to a tape a limited number of times, and it is best not to exceed this
- limit when recycling tapes. To help you track tape usage, the Backup System records a
- <SAMP
-CLASS="computeroutput"
->useCount</SAMP
-> counter on the tape's label. It increments the counter each time the tape's label is
- rewritten (each time you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dump</B
-></SPAN
-> command). To display the <SAMP
-CLASS="computeroutput"
->useCount</SAMP
-> counter, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command or include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> options when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command. For instructions see <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape
- Labels</A
-> or <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ269"
->Archiving Tapes</A
-></H2
-><P
->Even if you make extensive use of tape recycling, there is probably some backup data that you need to archive for a long
- (or even an indefinite) period of time. You can use the Backup System to archive data on a regular schedule, and you can also
- choose to archive data on tapes that you previously expected to recycle.</P
-><P
->If you want to archive data on a regular basis, you can create date-specific dump levels in the dump hierarchy. For
- example, if you decide to archive a full dump of all data in your cell at the beginning of each quarter in the year 2000, you
- can define the following levels in the dump hierarchy:</P
-><PRE
-CLASS="programlisting"
-> /1Q2000
- /2Q2000
- /3Q2000
- /4Q2000
-</PRE
-><P
->If you decide to archive data that is on tapes you previously planned to recycle, you must gather all of the tapes that
- contain the relevant dumps, both full and incremental. To avoid accidental erasure, it is best to set the switch on the tapes
- that makes them read-only, before placing them in your archive storage area. If the tapes also contain a large amount of
- extraneous data that you do not want to archive, you can restore just the relevant data into a new temporary volume, and back
- up that volume to the smallest number of tapes possible. One reason to keep a dump set small is to minimize the amount of
- irrelevant data in a dump set you end up needing to archive.</P
-><P
->If you do not expect to restore archived data to the file system, you can consider using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
-> command to remove the associated dump records from the Backup Database, which helps
- keep it to an efficient size. If you ever need to restore the data, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
->
- flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command to reinsert the dump records into the database. For
- instructions, see <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ270"
->Defining Expiration Dates</A
-></H2
-><P
->To associate an expiration date with a dump level as you create it, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
->
- argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup adddump</B
-></SPAN
-> command. To change an existing dump level's expiration date,
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup setexp</B
-></SPAN
-> command.
- (Note that it is not possible to change the expiration date of an actual dump that has already been created at that level).
- With both commands, you can define an expiration date either in absolute terms (for example, 13 January 2000) or relative
- terms (for example, 30 days from when the dump is created). <UL
-><LI
-><P
->To define an absolute expiration date, provide a value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-> argument
- with the following format: <PRE
-CLASS="programlisting"
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->at</B
-></SPAN
->] mm<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->dd<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->yyyy [hh<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->MM]
-</PRE
-></P
-><P
->where mm indicates the month, dd the day, and yyyy the year when the dump expires. Valid values for the year fall
- in the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1970</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2037</B
-></SPAN
-> (the latest possible
- date that the UNIX time representation can express is in early 2038). If you provide a time, it must be in 24-hour
- format with hh the hours and MM the minutes (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->21:50</B
-></SPAN
-> is 9:50 p.m.). If you
- omit the time, the default is 00:00 hours (12:00 midnight) on the indicated date.</P
-></LI
-><LI
-><P
->To define a relative expiration date, provide a value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-> argument
- with the following format: <PRE
-CLASS="programlisting"
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->in</B
-></SPAN
->] [years<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->y</B
-></SPAN
->] [months<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
->] [days<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
->]
-</PRE
-></P
-><P
->where each of years, months, and days is an integer. Provide at least one of them together with the corresponding
- units letter (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->y</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> respectively), with no intervening space. If you provide more than one of the three, list them
- in the indicated order.</P
-><P
->The Backup System calculates a dump's actual expiration date by adding the indicated relative value to the start
- time of the dump operation. For example, it assigns an expiration date 1 year, 6 months, and 2 days in the future to a
- dump created at a dump level with associated expiration date <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->in 1y 6m 2d</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->To indicate that a dump backed up at the corresponding dump level never expires, provide the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NEVER</B
-></SPAN
-> instead of a date and time. To recycle tapes that contain dumps created at such a level,
- you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel</B
-></SPAN
-> command to overwrite the tape's label.</P
-></LI
-></UL
-></P
-><P
->If you omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- adddump</B
-></SPAN
-> command, then the expiration date is set to UNIX time zero (00:00 hours on 1 January 1970). The Backup
- System considers dumps created at such a dump level to expire at their creation time. If no dumps in a dump set have an
- expiration date, then the Backup System does not impose any restriction on recycling the tapes that contain the dump set. If
- you need to prevent premature recycling of the tapes that contain the dump set, you must use a manual tracking system.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_300"
->To add a dump level to the dump hierarchy</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup adddump</B
-></SPAN
-> command to define one or more dump levels. If you are
- defining an incremental level, then all of the parent levels that precede it in its pathname must either already exist or
- precede it on the command line. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->adddump -dump</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dump level name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->expiration date</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addd</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->adddump</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dump</B
-></SPAN
-></DT
-><DD
-><P
->Names each dump level to added. If you specify more than one dump level name, you must include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dump</B
-></SPAN
-> switch.</P
-><P
->Provide the entire pathname of the dump level, preceding each level in the pathname with a slash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->). Each component level can be up to 28 characters in length, and the pathname can include
- up to 256 characters including the slashes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-></DT
-><DD
-><P
->Sets the expiration date associated with each dump level. Specify either a relative or absolute expiration
- date, as described in <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->, or omit this argument to assign
- no expiration date to the dump levels.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A plus sign follows this argument in the command's syntax statement because it accepts a multiword value
- which does not need to be enclosed in double quotes or other delimiters, not because it accepts multiple dates.
- Provide only one date (and optionally, time) definition to be associated with each dump level specified by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dump</B
-></SPAN
-> argument.</P
-></BLOCKQUOTE
-></DIV
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_301"
->To change a dump level's expiration date</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) setexp</B
-></SPAN
-> command to change the expiration date associated with one
- or more dump levels. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setexp -dump</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dump level name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->expiration date</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->se</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setexp</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dump</B
-></SPAN
-></DT
-><DD
-><P
->Names each existing dump level for which to change the expiration date.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-expires</B
-></SPAN
-></DT
-><DD
-><P
->Sets the expiration date associated with each dump level. Specify either a relative or absolute expiration
- date, as described in <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->; omit this argument to remove the
- expiration date currently associated with each dump level.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A plus sign follows this argument in the command's syntax statement because it accepts a multiword value
- which does not need to be enclosed in double quotes or other delimiters, not because it accepts multiple dates.
- Provide only one date (and optionally, time) definition to be associated with each dump level specified by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dump</B
-></SPAN
-> argument.</P
-></BLOCKQUOTE
-></DIV
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_302"
->To delete a dump level from the dump hierarchy</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) deldump</B
-></SPAN
-> command to delete the dump level. Note that the command
- automatically removes all incremental dump levels for which the specified level serves as parent, either directly or
- indirectly. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->deldump</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dump level name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->deld</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->deldump</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump level name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of the dump level to delete.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ271"
->To display the dump hierarchy</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listdumps</B
-></SPAN
-> command to display the dump hierarchy. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listdumps</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listd</B
-></SPAN
-> is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listdumps</B
-></SPAN
->.</P
-><P
->The output from this command displays the dump hierarchy, reporting the expiration date associated with each dump
- level, as in the following example.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listdumps</B
-></SPAN
->
- /week1 expires in 27d
- /tuesday expires in 13d
- /thursday expires in 13d
- /sunday expires in 13d
- /tuesday expires in 13d
- /thursday expires in 13d
- /week3 expires in 27d
- /tuesday expires in 13d
- /thursday expires in 13d
- /sunday expires in 13d
- /tuesday expires in 13d
- /thursday expires in 13d
- sunday1 expires in 27d
- /monday1 expires in 13d
- /tuesday1 expires in 13d
- /wednesday1 expires in 13d
- /thursday1 expires in 13d
- /friday1 expires in 13d
- sunday2 expires in 27d
- /monday2 expires in 13d
- /tuesday2 expires in 13d
- /wednesday2 expires in 13d
- /thursday2 expires in 13d
- /friday2 expires in 13d
- sunday3 expires in 27d
- /monday1 expires in 13d
- /tuesday1 expires in 13d
- /wednesday1 expires in 13d
- /thursday1 expires in 13d
- /friday1 expires in 13d
- sunday4 expires in 27d
- /monday2 expires in 13d
- /tuesday2 expires in 13d
- /wednesday2 expires in 13d
- /thursday2 expires in 13d
- /friday2 expires in 13d
-</PRE
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ272"
->Writing and Reading Tape Labels</A
-></H1
-><P
->As described in <A
-HREF="c12776.html#HDRWQ253"
->Dump Names and Tape Names</A
-> and <A
-HREF="c12776.html#HDRWQ254"
->Tape Labels, Dump
- Labels, and EOF Markers</A
->, you can assign either a permanent name or an AFS tape name to a tape that you use in the Backup
- System. The names are recorded on the tape's magnetic label, along with an indication of the tape's capacity (size).</P
-><P
->You can assign either a permanent name or an AFS tape name, but not both. In general, assigning permanent names rather
- than AFS tape names simplifies the backup process, because the Backup System does not dictate the format of permanent names. If
- a tape does not have a permanent name, then by default the Backup System accepts only three strictly defined values in the AFS
- tape name field, and refuses to write a dump to a tape with an inappropriate AFS tape name. The acceptable values are a name
- that matches the volume set and dump level of the initial dump, the value <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
->, and no
- value in the field at all.</P
-><P
->If a tape has a permanent name, the Backup System does not check the AFS tape name, and as part of the dump operation
- constructs the appropriate AFS tape name itself and records it on the label. This means that if you assign a permanent name, the
- Backup System assigns an AFS tape name itself and the tape has both types of name. In contrast, if a tape has an AFS tape name
- but not a permanent name, you cannot assign a permanent name without first erasing the AFS tape name.</P
-><P
->(You can also suppress the Backup System's check of a tape's AFS tape name, even it does not have a permanent name, by
- assigning the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
-> to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK</B
-></SPAN
-> instruction in the
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->device configuration file</I
-></SPAN
->. See <A
-HREF="c12776.html#HDRWQ280"
->Eliminating the AFS Tape Name Check</A
->.)</P
-><P
->Because the Backup System accepts unlabeled tapes, you do not have to label a tape before using it for the first time.
- After the first use, there are a couple of cases in which you must relabel a tape in order to write a dump to it: <UL
-><LI
-><P
->The tape does not have a permanent name, and the AFS tape name on it does not match the new initial dump set you
- want to create (the volume set and dump level names are different, or the index is incorrect).</P
-></LI
-><LI
-><P
->You want to recycle a tape before all of the dumps on it have expired. The Backup System does not overwrite a tape
- with any unexpired dumps. Keep in mind, though, that if you relabel the tape to making recycling possible, you erase all
- the dump records for the tape from the Backup Database, which makes it impossible to restore any data from the
- tape.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Labeling a tape that contains dump data makes it impossible to use that data in a restore operation, because the
- labeling operation removes the dump's records from the Backup Database. If you want to record a permanent name on a tape
- label, you must do it before dumping any data to the tape.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_305"
->Recording a Name on the Label</A
-></H2
-><P
->To write a permanent name on a tape's label, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument to specify a
- string of up to 32 characters. Check that no other tape used with the Backup System in your cell already has the permanent
- name you are assigning, because the Backup System does not prevent you from assigning the same name to multiple tapes. The
- Backup System overwrites the existing AFS tape name, if any, with the value <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
->.
- When a tape has a permanent name, the Backup System uses it instead of the AFS tape name in most prompts and when referring to
- the tape in output from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands. The permanent name persists until you again include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command,
- regardless of the tape's contents and of how often you recycle the tape or use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- labeltape</B
-></SPAN
-> command without the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument.</P
-><P
->To write an AFS tape name on the label, provide a value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument that
- matches the volume set name and the final element in the dump level pathname of the initial dump that you plan to write to the
- tape, and an index that indicates the tape's place in the sequence of tapes for the dump set. The format is as follows:</P
-><PRE
-CLASS="programlisting"
-> volume_set_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->dump_level_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->tape_index
-</PRE
-><P
->If you omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument, the Backup System sets the AFS tape name to
- <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
->. The Backup System automatically constructs and records the appropriate name
- when you later write an initial dump to the tape by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command.</P
-><P
->You cannot use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument if the tape already has a permanent name. To erase a
- tape's permanent name, provide a null value to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument by issuing the following
- command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape -pname ""</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_306"
->Recording a Capacity on the Label</A
-></H2
-><P
->To record the tape's capacity on the label, specify a number of kilobytes as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-size</B
-></SPAN
->
- argument. If you omit this argument the first time you label a tape, the Backup System records the default tape capacity
- associated with the specified port offset in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file on the Tape
- Coordinator machine. If the tape's capacity is different (in particular, larger) than the capacity recorded in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file, it is best to record a capacity on the label before using the tape. Once set, the
- value in the label's capacity field persists until you again use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-size</B
-></SPAN
-> argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command. For a discussion of the appropriate capacity to record for tapes,
- see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->.</P
-><P
->To read a tape's label, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel</B
-></SPAN
-> command.</P
-><P
->Most tapes also come with an adhesive label you can apply to the exterior casing. To help you easily identify a tape,
- record at least the tape's permanent and AFS tape names on the adhesive label. Depending on the recycling scheme you use, it
- can be useful to record other information, such as the dump ID, dump creation date, and expiration date of each dump you write
- to the tape.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ273"
->To label a tape</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->port offset</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
->Place the tape in the device.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode, if you want to label multiple tapes or issue additional commands after labeling the tape. The
- interactive prompt appears in the following step. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) labeltape</B
-></SPAN
-> command to label the tape. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->labeltape</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape name, defaults to NULL</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-size</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape size in Kbytes, defaults to size in tapeconfig</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->TC port offset</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->permanent tape name</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->la</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->labeltape</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the AFS tape name to record on the label. Include this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument, but not both. If you omit this argument, the AFS tape name is set to
- <<VAR
-CLASS="replaceable"
->NULL</VAR
->>. If you provide it, it must have the following format. <PRE
-CLASS="programlisting"
-> volume_set_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->dump_level_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->tape_index
-</PRE
-></P
-><P
->for the tape to be acceptable for use in a future <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> operation.
- The volume_set_name must match the volume set name of the initial dump to be written to the tape, dump_level_name
- must match the last element of the dump level pathname at which the volume set is to be dumped, and tape_index
- must correctly indicate the tape's place in the sequence of tapes that house the dump set; indexing begins with
- the number 1 (one).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-size</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the tape capacity to record on the label. If you are labeling the tape for the first time, you
- need to include this argument only if the tape's capacity differs from the capacity associated with the specified
- port offset in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file on the Tape Coordinator
- machine.</P
-><P
->If you provide a value, it is an integer value followed by a letter that indicates units, with no
- intervening space. A unit value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->K</B
-></SPAN
->
- indicates kilobytes, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
-> indicates megabytes,
- and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->g</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> indicates gigabytes. If you omit the
- units letter, the default is kilobytes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number of the Tape Coordinator handling the tape or backup data file for this
- operation. You must provide this argument unless the default value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is
- appropriate.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the permanent name to record on the label. It can be up to 32 characters in length, and include
- any alphanumeric characters. Avoid metacharacters that have a special meaning to the shell, to avoid having to
- mark them as literal in commands issued at the shell prompt.</P
-><P
->Include this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument, but not both. When you provide
- this argument, the AFS tape name is set to <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
->. If you omit this
- argument, any existing permanent name is retained.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or if the device's device configuration file includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
->, then the Tape Coordinator prompts you to place the tape in the device's drive. You
- have already done so, but you must now press <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
-> to indicate that the tape is
- ready for labeling.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ274"
->To read the label on a tape</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->port offset</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
->Place the tape in the device.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode, if you want to label multiple tapes or issue additional commands after labeling the tape. The
- interactive prompt appears in the following step. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) readlabel</B
-></SPAN
-> command to read the label on the tape.
- <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->readlabel</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->TC port offset</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rea</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->readlabel</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number of Tape Coordinator handling the tape or backup data file for this
- operation. You must provide this argument unless the default value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is
- appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or the device's device configuration file includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
-> instruction, then the Tape Coordinator prompts you to place the tape in the device's
- drive. You have already done so, but you must now press <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
-> to indicate that
- the tape is ready for reading.</P
-></LI
-></OL
-><P
->Information from the tape label appears both in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command window and in the
- Tape Coordinator window. The output in the command window has the following format:</P
-><PRE
-CLASS="programlisting"
-> Tape read was labelled: tape_name (initial_dump_ID)
- size: size KBytes
-</PRE
-><P
->where tape_name is the tape's permanent name (if it has one) or AFS tape name, initial_dump_ID is the dump ID of the
- initial dump on the tape, and size is the capacity recorded on the label, in kilobytes.</P
-><P
->The information in the Tape Coordinator window is more extensive. The tape's permanent name appears in the
- <SAMP
-CLASS="computeroutput"
->tape name</SAMP
-> field and its AFS tape name in the <SAMP
-CLASS="computeroutput"
->AFS tape name</SAMP
->
- field. If either name is undefined, a value of <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
-> appears in the field instead. The
- capacity recorded on the label appears in the <SAMP
-CLASS="computeroutput"
->size</SAMP
-> field. Other fields in the output report
- the creation time, dump level name, and dump ID of the initial dump on the tape
- (<SAMP
-CLASS="computeroutput"
->creationTime</SAMP
->, <SAMP
-CLASS="computeroutput"
->dump path</SAMP
->, and <SAMP
-CLASS="computeroutput"
->dump
- id</SAMP
-> respectively). The <SAMP
-CLASS="computeroutput"
->cell</SAMP
-> field reports the cell in which the dump
- operation was performed, and the <SAMP
-CLASS="computeroutput"
->useCount</SAMP
-> field reports the number of times the tape has been
- relabeled, either with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command or during a dump operation. For further
- details, see the command's reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->.</P
-><P
->If the tape has no label, or if the drive is empty, the following message appears at the command shell:</P
-><PRE
-CLASS="programlisting"
-> Failed to read tape label.
-</PRE
-><P
->The following example illustrates the output in the command shell for a tape in the device with port offset 1:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel 1</B
-></SPAN
->
- Tape read was labelled: monthly_guest (917860000)
- size: 2150000 KBytes
-</PRE
-><P
->The following output appears in the Tape Coordinator window at the same time:</P
-><PRE
-CLASS="programlisting"
-> Tape label
- ----------
- tape name = monthly_guest
- AFS tape name = guests.monthly.3
- creationTime = Mon Feb 1 04:06:40 1999
- cell = abc.com
- size = 2150000 Kbytes
- dump path = /monthly
- dump id = 917860000
- useCount = 44
- -- End of tape label --
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ275"
->Automating and Increasing the Efficiency of the Backup Process</A
-></H1
-><P
->The Backup System includes several optional features to help you automate the backup process in your cell and make it more
- efficient. By combining several of the features, you can dump volume data to tape with minimal human intervention in most cases.
- To take advantage of many of the features, you create a device configuration file in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory for each tape device that participates in automated operations. For general
- instructions on creating the device configuration file, see <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration
- File</A
->. The following list refers you to sections that describe each feature in greater detail. <UL
-><LI
-><P
->You can use tape stackers and jukeboxes to perform backup operations. These are tape drives with an attached unit
- that stores several tapes and can physically insert and remove them from the tape reader (tape drive) without human
- intervention, meaning that no operator has to be present even for backup operations that require several tapes. To use a
- stacker or jukebox with the Backup System, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instructions in its device configuration file. See <A
-HREF="c12776.html#HDRWQ277"
->Invoking a
- Device's Tape Mounting and Unmounting Routines</A
->.</P
-></LI
-><LI
-><P
->You can suppress the Tape Coordinator's default prompt for the initial tape that it needs for a backup operation,
- again eliminating the need for a human operator to be present when a backup operation begins. (You must still insert the
- correct tape in the drive at some point before the operation begins.) To suppress the initial prompt, include the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or assign the
- value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
-> to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY</B
-></SPAN
-> instruction in the device
- configuration file. See <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
->.</P
-></LI
-><LI
-><P
->You can suppress the prompts that the Tape Coordinator otherwise generates when it encounters several types of
- errors. When you use this feature, the Tape Coordinator instead responds to the errors in a default manner, which
- generally allows the operation to continue without human intervention. To suppress prompts about error conditions, assign
- the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
-> to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK</B
-></SPAN
-> instruction in the device
- configuration file. See <A
-HREF="c12776.html#HDRWQ279"
->Enabling Default Responses to Error Conditions</A
->.</P
-></LI
-><LI
-><P
->You can suppress the Backup System's default verification that the AFS tape name on a tape that has no permanent
- name matches the name derived from the volume set and dump level names of the initial dump the Backup System is writing to
- the tape. This enables you to recycle a tape without first relabeling it, as long as all dumps on it are expired. To
- suppress name checking, assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
-> to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK</B
-></SPAN
-> instruction in the device configuration file. See <A
-HREF="c12776.html#HDRWQ280"
->Eliminating
- the AFS Tape Name Check</A
->.</P
-></LI
-><LI
-><P
->You can promote tape streaming (the most efficient way for a tape device to operate) by setting the size of the
- memory buffer the Tape Coordinator uses when transferring volume data between the file system and the device. To set the
- buffer size, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
-> instruction in the device configuration file. See
- <A
-HREF="c12776.html#HDRWQ281"
->Setting the Memory Buffer Size to Promote Tape Streaming</A
->.</P
-></LI
-><LI
-><P
->You can write dumps to a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->backup data file</I
-></SPAN
-> on the local disk of the Tape Coordinator machine,
- rather than to tape. You can then transfer the backup data file to a data-archiving system, such as a hierarchical storage
- management (HSM) system, that you use in conjunction with AFS and the Backup System. Writing a dump to a file is usually
- more efficient that issuing the equivalent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> commands individually. To write dumps
- to a file, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE</B
-></SPAN
-> instruction in the device configuration file. See <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a Backup Data File</A
->.</P
-></LI
-></UL
-></P
-><P
->There are two additional ways to increase backup automation and efficiency that do not involve the device configuration
- file: <UL
-><LI
-><P
->You can schedule one or more <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> commands to run at specified times. This
- enables you to create backups at times of low system usage, without requiring a human operator to be present. You can
- schedule a single dump operation for a future time, or multiple operations to run at various future times. See <A
-HREF="c15383.html#HDRWQ300"
->Scheduling Dumps</A
->.</P
-></LI
-><LI
-><P
->You can append dumps to a tape that already has other dumps on it. This enables you to use as much of a tape's
- capacity as possible. The appended dumps do not have be related in any way to one another or to the initial dump on the
- tape, but grouping dumps appropriately can reduce the number of necessary tape changes during a restore operation. To
- append a dump, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dump</B
-></SPAN
-> command. See <A
-HREF="c15383.html#HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ276"
->Creating a Device Configuration File</A
-></H2
-><P
->To use many of the features that automate backup operations, create a configuration file for each tape device in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory on the local disk of the Tape Coordinator machine that drives the
- device. The filename has the following form:</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name</P
-><P
->where device_name represents the name of the tape device or backup data file (see <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data
- to a Backup Data File</A
-> to learn about writing dumps to a file rather than to tape).</P
-><P
->For a tape device, construct the device_name portion of the name by stripping off the initial <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/</B
-></SPAN
-> string with which all UNIX device names conventionally begin, and replacing any other slashes in
- the name with underscores. For example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_rmt_4m</B
-></SPAN
-> is the appropriate filename for a device
- called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/rmt/4m</B
-></SPAN
->.</P
-><P
->For a backup data file, construct the device_name portion by stripping off the initial slash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->) and replacing any other slashes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->) in the name with underscores.
- For example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_var_tmp_FILE</B
-></SPAN
-> is the appropriate filename for a backup data file called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/var/tmp/FILE</B
-></SPAN
->.</P
-><P
->Creating a device configuration file is optional. If you do not want to take advantage of any of the features that the
- file provides, you do not have to create it.</P
-><P
->You can include one of each of the following instructions in any order in a device configuration file. All are optional.
- Place each instruction on its own line, but do not include any newline (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
->)
- characters within an instruction. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT and UNMOUNT</B
-></SPAN
-></DT
-><DD
-><P
->Identify a script of routines for mounting and unmounting tapes in a tape stacker or jukebox's drive as needed.
- See <A
-HREF="c12776.html#HDRWQ277"
->Invoking a Device's Tape Mounting and Unmounting Routines</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY</B
-></SPAN
-></DT
-><DD
-><P
->Controls whether the Tape Coordinator prompts for the first tape it needs for a backup operation. See <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK</B
-></SPAN
-></DT
-><DD
-><P
->Controls whether the Tape Coordinator asks you how to respond to certain error conditions. See <A
-HREF="c12776.html#HDRWQ279"
->Enabling Default Responses to Error Conditions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK</B
-></SPAN
-></DT
-><DD
-><P
->Controls whether the Tape Coordinator verifies that an AFS tape name matches the initial dump you are writing to
- the tape. See <A
-HREF="c12776.html#HDRWQ280"
->Eliminating the AFS Tape Name Check</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
-></DT
-><DD
-><P
->Sets the size of the memory buffer the Tape Coordinator uses when transferring data between a tape device and a
- volume. See <A
-HREF="c12776.html#HDRWQ281"
->Setting the Memory Buffer Size to Promote Tape Streaming</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE</B
-></SPAN
-></DT
-><DD
-><P
->Controls whether the Tape Coordinator writes dumps to, and restores data from, a tape device or a backup data
- file. See <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a Backup Data File</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ277"
->Invoking a Device's Tape Mounting and Unmounting Routines</A
-></H2
-><P
->A tape stacker or jukebox helps you automate backup operations because it can switch between multiple tapes during an
- operation without human intervention. To take advantage of this feature, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
->
- and optionally <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instructions in the device configuration file that you write for the
- stacker or jukebox. The instructions share the same syntax:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> filename
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> filename
-</PRE
-><P
->where filename is the pathname on the local disk of a script or program you have written that invokes the routines
- defined by the device's manufacturer for mounting or unmounting a tape in the device's tape drive. (For convenience, the
- following discussion uses the term <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->script</I
-></SPAN
-> to refers to both scripts and programs.) The script usually
- also contains additional logic that handles error conditions or modifies the script's behavior depending on which backup
- operation is being performed.</P
-><P
->You can refer to different scripts with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instructions, or to a single script that invokes both mounting and unmounting routines. The
- scripts inherit the local identity and AFS tokens associated with to the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->
- command.</P
-><P
->You need to include a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in the device configuration file for all tape
- devices, but the need for an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction depends on the tape-handling routines that
- the device's manufacturer provides. Some devices, usually stackers, have only a single routine for mounting tapes, which also
- automatically unmounts a tape whose presence prevents insertion of the required new tape. In this case, an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction is not necessary. For devices that have separate mounting and unmounting routines,
- you must include an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction to remove a tape when the Tape Coordinator is
- finished with it; otherwise, subsequent attempts to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction fail with an
- error.</P
-><P
->When the device configuration file includes a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction, you must stock the
- stacker or jukebox with the necessary tapes before running a backup operation. Many jukeboxes are able to search for the
- required tape by reading external labels (such as barcodes) on the tapes, but many stackers can only switch between tapes in
- sequence and sometimes only in one direction. In the latter case, you must also stock the tapes in the correct order.</P
-><P
->To obtain a list of the tapes required for a restore operation so that you can prestock them in the tape device, include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> flag on the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volsetrestore</B
-></SPAN
->). For a dump operation, it is generally sufficient to stock the device with more tapes than the
- operation is likely to require. You can prelabel the tapes with permanent names or AFS tape names, or not prelabel them at
- all. If you prelabel the tapes for a dump operation with AFS tape names, then it is simplest to load them into the stacker in
- sequential order by tape index. But it is probably simpler still to prelabel tapes with permanent tape names or use unlabeled
- tapes, in which case the Backup System generates and applies the appropriately indexed AFS tape name itself during the dump
- operation.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_312"
->How the Tape Coordinator Uses the MOUNT and UNMOUNT Instructions</A
-></H3
-><P
->When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command to initialize the Tape Coordinator for a given tape
- device, the Tape Coordinator looks for the device configuration file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/CFG_</B
-></SPAN
->device_name on its local disk, where device_name has the format described in
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->. If the file exists and contains a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction, then whenever the Tape Coordinator needs a tape, it executes the script named by
- the instruction's filename argument.</P
-><P
->If the device configuration file does not exist, or does not include a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
->
- instruction, then whenever the Tape Coordinator needs a tape, it generates a prompt in its window instructing the operator
- to insert the necessary tape. The operator must insert the tape and press <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
->
- before the Tape Coordinator continues the backup operation.</P
-><P
->Note, however, that you can modify the Tape Coordinator's behavior with respect to the first tape needed for an
- operation, by setting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY</B
-></SPAN
-> instruction in the device configuration file to
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, or including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command. In this case, the Tape Coordinator does not execute the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction or prompt for a tape at the start of an operation, because it expects to find the
- required first tape in the drive. See <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial
- Tape</A
->.</P
-><P
->If there is an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction in the device configuration file, then whenever
- the Tape Coordinator closes the tape device, it executes the script named by the instruction's filename argument. It
- executes the script only once, and regardless of whether the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> operation on the device
- succeeded or not. If the device configuration file does not include an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction,
- then the Tape Coordinator takes no action.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_313"
->The Available Parameters and Required Exit Codes</A
-></H3
-><P
->When the Tape Coordinator executes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> script, it passes in five parameters,
- ordered as follows. You can use the parameters in your script to refine its response to varying circumstances that can arise
- during a backup operation. <OL
-TYPE="1"
-><LI
-><P
->The tape device or backup data file's pathname, as recorded in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file.</P
-></LI
-><LI
-><P
->The tape operation, which (except for the exceptions noted in the following list) matches the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command operation code used to initiate the operation: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->appenddump</B
-></SPAN
-> (when a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command
- includes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-> flag)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump</B
-></SPAN
-> (when a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command does
- not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-> flag)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->labeltape</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->readlabel</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restore</B
-></SPAN
-> (for a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
->
- command)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restoredb</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savedb</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scantape</B
-></SPAN
-></P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->The number of times the Tape Coordinator has attempted to open the tape device or backup data file. If the open
- attempt returns an error, the Tape Coordinator increments this value by one and again invokes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction.</P
-></LI
-><LI
-><P
->The tape name. For some operations, the Tape Coordinator passes the string
- <SAMP
-CLASS="computeroutput"
->none</SAMP
->, because it does not know the tape name (when running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel</B
-></SPAN
->, for example), or because
- the tape does not necessarily have a name (when running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command,
- for example).</P
-></LI
-><LI
-><P
->The tape ID recorded in the Backup Database. As with the tape name, the Backup System passes the string
- <SAMP
-CLASS="computeroutput"
->none</SAMP
-> for operations where it does not know the tape ID or the tape does not
- necessarily have an ID.</P
-></LI
-></OL
-></P
-><P
->Your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> script must return one of the following exit codes to tell the Tape
- Coordinator whether or not it mounted the tape successfully: <UL
-><LI
-><P
->Code <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) indicates a successful mount, and the Tape Coordinator continues
- the backup operation. If the script or program called by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction does
- not return this exit code, the Tape Coordinator never calls the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
->
- instruction.</P
-></LI
-><LI
-><P
->Code <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> indicates that mount attempt failed. The Tape Coordinator terminates the
- backup operation.</P
-></LI
-><LI
-><P
->Any other code indicates that the script was unable to access the correct tape. The Tape Coordinator prompts the
- operator to insert it.</P
-></LI
-></UL
-></P
-><P
->When the Tape Coordinator executes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> script, it passes in two parameters in
- the following order. <OL
-TYPE="1"
-><LI
-><P
->The tape device's pathname (as specified in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
->
- file)</P
-></LI
-><LI
-><P
->The tape operation, which is always <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unmount</B
-></SPAN
->.</P
-></LI
-></OL
-></P
-><P
->The following example script uses two of the parameters passed to it by the Backup System:
- <SAMP
-CLASS="computeroutput"
->tries</SAMP
-> and <SAMP
-CLASS="computeroutput"
->operation</SAMP
->. It follows the recommended practice
- of exiting if the value of the <SAMP
-CLASS="computeroutput"
->tries</SAMP
-> parameter exceeds one, because that implies that the
- stacker is out of tapes.</P
-><P
->For a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> operation, the
- routine calls the example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stackerCmd_NextTape</B
-></SPAN
-> function provided by the stacker's
- manufacturer. Note that the final lines in the file return the exit code that prompts the operator to insert a tape; these
- lines are invoked when either the stacker cannot load a tape or a the operation being performed is not one of those
- explicitly mentioned in the file (is a restore operation, for example).</P
-><PRE
-CLASS="programlisting"
-> #! /bin/csh -f
- set devicefile = $1
- set operation = $2
- set tries = $3
- set tapename = $4
- set tapeid = $5
- set exit_continue = 0
- set exit_abort = 1
- set exit_interactive = 2
- #--------------------------------------------
- if (${tries} > 1) then
- echo "Too many tries"
- exit ${exit_interactive}
- endif
- if (${operation} == "unmount") then
- echo "UnMount: Will leave tape in drive"
- exit ${exit_continue}
- endif
- if ((${operation} == "dump") |\
- (${operation} == "appenddump") |\
- (${operation} == "savedb")) then
- stackerCmd_NextTape ${devicefile}
- if (${status} != 0)exit${exit_interactive}
- echo "Will continue"
- exit ${exit_continue}
- endif
- if ((${operation} == "labeltape") |\
- (${operation} == "readlabel")) then
- echo "Will continue"
- exit ${exit_continue}
- endif
- echo "Prompt for tape"
- exit ${exit_interactive}
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
-></H2
-><P
->By default, the Tape Coordinator obtains the first tape it needs for a backup operation by reading the device
- configuration file for the appropriate tape device. If there is a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in the
- file, the Tape Coordinator executes the referenced script. If the device configuration file does not exist or does not have a
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in it, the Tape Coordinator prompts you to insert the correct tape and
- press <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
->.</P
-><P
->If you know in advance that an operation requires a tape, you can increase efficiency by placing the required tape in
- the drive before issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command and telling the Tape Coordinator's to skip its
- initial tape-acquisition steps. This both enables the operation to begin more quickly and eliminates that need for you to be
- present to insert a tape.</P
-><P
->There are two ways to bypass the Tape Coordinator's initial tape-acquisition steps: <OL
-TYPE="1"
-><LI
-><P
->Include the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY NO</B
-></SPAN
-> in the device configuration file</P
-></LI
-><LI
-><P
->Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->
- command</P
-></LI
-></OL
-></P
-><P
->To avoid any error conditions that require operator attention, be sure that the tape you are placing in the drive does
- not contain any unexpired dumps and is not write protected. If there is no permanent name on the tape's label and you are
- creating an initial dump, make sure that the AFS tape name either matches the volume set and dump set names or is
- <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
->. Alternatively, suppress the Tape Coordinator's name verification step by
- assigning the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
-> to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK</B
-></SPAN
-> instruction in the
- device configuration file, as described in <A
-HREF="c12776.html#HDRWQ280"
->Eliminating the AFS Tape Name Check</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ279"
->Enabling Default Responses to Error Conditions</A
-></H2
-><P
->By default, the Tape Coordinator asks you how to respond when it encounters certain error conditions. To suppress the
- prompts and cause the Tape Coordinator to handle the errors in a predetermined manner, include the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK NO</B
-></SPAN
-> in the device configuration file. If you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->,
- or omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK</B
-></SPAN
-> instruction completely, the Tape Coordinator prompts you for direction when
- it encounters one of the errors.</P
-><P
->The following list describes the error conditions and the Tape Coordinator's response to them. <UL
-><LI
-><P
->The Backup System is unable to dump a volume while running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
->
- command. When you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, the Tape Coordinator omits the volume from the
- dump and continues the operation. When you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->, it prompts to ask if
- you want to try to dump the volume again immediately, to omit the volume from the dump but continue the operation, or to
- terminate the operation.</P
-></LI
-><LI
-><P
->The Backup System is unable to restore a volume while running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- diskrestore</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volsetrestore</B
-></SPAN
-> command. When you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, the Tape Coordinator
- continues the operation, omitting the problematic volume but restoring the remaining ones. When you assign the value
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->, it prompts to ask if you want to omit the volume and continue the operation, or to
- terminate the operation.</P
-></LI
-><LI
-><P
->The Backup System cannot determine if the dump set includes any more tapes while running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command (the command's reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration
- Reference</I
-></SPAN
-> discusses possible reasons for this problem). When you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, the Tape Coordinator proceeds as though there are more tapes and invokes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> script named in the device configuration file, or prompts the operator to insert the next
- tape. When you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->, it prompts to ask if there are more tapes to
- scan.</P
-></LI
-><LI
-><P
->The Backup System determines that the tape contains an unexpired dump while running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command. When you assign the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, it
- terminates the operation without relabeling the tape. With a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
-> value, the Tape
- Coordinator prompts to ask if you want to relabel the tape anyway.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ280"
->Eliminating the AFS Tape Name Check</A
-></H2
-><P
->If a tape does not have a permanent name and you are writing an initial dump to it, then by default the Backup System
- verifies that the tape's AFS tape name is acceptable. It accepts three types of values: <UL
-><LI
-><P
->A name that reflects the volume set and dump level of the initial dump and the tape's place in the sequence of
- tapes for the dump set, as described in <A
-HREF="c12776.html#HDRWQ253"
->Dump Names and Tape Names</A
->. If the tape does not
- already have a permanent name, you can assign the AFS tape name by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
->
- argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->A <SAMP
-CLASS="computeroutput"
-><NULL></SAMP
-> value, which results when you assign a permanent name, or provide
- no value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
->
- argument.</P
-></LI
-><LI
-><P
->No AFS tape name at all, indicating that you have never labeled the tape or written a dump to it.</P
-></LI
-></UL
-></P
-><P
->To bypass the name check, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK NO</B
-></SPAN
-> instruction in the device
- configuration file. This enables you to recycle a tape without first relabeling it, as long as all dumps on it are expired.
- (If a tape has unexpired dumps on it but you want to recycle it anyway, you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- labeltape</B
-></SPAN
-> command to relabel it first. For this to work, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK NO</B
-></SPAN
-> instruction
- cannot appear in the device configuration file.)</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ281"
->Setting the Memory Buffer Size to Promote Tape Streaming</A
-></H2
-><P
->By default, the Tape Coordinator uses a 16-KB memory buffer during dump operations. As it receives volume data from the
- Volume Server, the Tape Coordinator gathers 16 KB of data in the buffer before transferring the entire 16 KB to the tape
- device. Similarly, during a restore operation the Tape Coordinator by default buffers 32 KB of data from the tape device
- before transferring the entire 32 KB to the Volume Server for restoration into the file system. Buffering makes the volume of
- data flowing to and from a tape device more even and so promotes tape streaming, which is the most efficient way for a tape
- device to operate.</P
-><P
->In a normal network configuration, the default buffer sizes are usually large enough to promote tape streaming. If the
- network between the Tape Coordinator machine and file server machines is slow, it can help to increase the buffer size.</P
-><P
->To determine if altering the buffer size is helpful for your configuration, observe the tape device in operation to see
- if it is streaming, or consult the manufacturer. To set the buffer size, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
-> instruction in the device configuration file. It takes an integer value, and optionally
- units, in the following format:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
-> size[{<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->K</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->g</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
->}]
-</PRE
-><P
->where size specifies the amount of memory the Tape Coordinator allocates to use as a buffer during both dump and restore
- operations. The default unit is bytes, but use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->K</B
-></SPAN
-> to
- specify kilobytes, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
-> for megabytes, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->g</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> for gigabytes. There is no space between the size value and the
- units letter.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ282"
->Dumping Data to a Backup Data File</A
-></H2
-><P
->You can write dumps to a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->backup data file</I
-></SPAN
-> rather than to tape. This is useful if, for example, you
- want to transfer the data to a data-archiving system, such as a hierarchical storage management (HSM) system, that you use in
- conjunction with AFS and the Backup System. You can restore data from a backup data file into the file system as well. Using a
- backup data file is usually more efficient than issuing the equivalent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> commands individually for multiple volumes.</P
-><P
->Writing to a backup data file is simplest if it is on the local disk of the Tape Coordinator machine, but you can also
- write the file to an NFS-mounted partition that resides on a remote machine. It is even acceptable to write to a file in AFS,
- provided that the access control list (ACL) on its parent directory grants the necessary permissions, but it is somewhat
- circular to back up AFS data into AFS itself.</P
-><P
->If the backup data file does not already exist when the Tape Coordinator attempts to write a dump to it, the Tape
- Coordinator creates it. For a restore operation to succeed, the file must exist and contain volume data previously written to
- it during a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> operation.</P
-><P
->When writing to a backup data file, the Tape Coordinator writes data at 16 KB offsets. If a given block of data (such as
- the marker that signals the beginning or end of a volume) does not fill the entire 16 KB, the Tape Coordinator still skips to
- the next offset before writing the next block. In the output of a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command
- issued with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> option, the value in the <SAMP
-CLASS="computeroutput"
->Pos</SAMP
-> column is
- the ordinal of the 16-KB offset at which the volume data begins, and so is not generally only one higher than the position
- number on the previous line, as it is for dumps to tape.</P
-><P
->Before writing to a backup data file, you need to configure the file as though it were a tape device.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A file pathname, rather than a tape device name, must appear in the third field of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE YES</B
-></SPAN
-> instruction
- appears in the device configuration file, and vice versa. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file instead
- refers to a tape device, dump operations appear to succeed but are inoperative. You cannot restore data that you accidently
- dumped to a tape device while the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE</B
-></SPAN
-> instruction was set to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->. In the same way, if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE</B
-></SPAN
-> instruction is set to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> entry must refer to an actual tape device.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_319"
->To configure a backup data file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Choose the port offset number to assign to the file. If necessary, display previously assigned port offsets by
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) listhosts</B
-></SPAN
-> command, which is fully described in <A
-HREF="c12776.html#HDRWQ264"
->To display the list of configured Tape Coordinators</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listhosts</B
-></SPAN
->
-</PRE
-></P
-><P
->As for a tape device, acceptable values are the integers <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->58510</B
-></SPAN
-> (the Backup System can track a maximum of 58,511 port offset numbers). Each port offset must
- be unique in the cell, but you can associate any number them with a single Tape Coordinator machine. You do not have to
- assign port offset numbers sequentially.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) addhost</B
-></SPAN
-> command to register the backup data file's port offset
- in the Backup Database. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addhost</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->tape machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->TC port offset</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addh</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addhost</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tape machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the fully qualified hostname of the Tape Coordinator machine you invoke to write to the backup
- data file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file's port offset number. You must provide this argument unless the default value of
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LITAPECONFIG-FILE"
-></A
->Using a text editor, create an entry for the backup data file in the local
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file, using the standard syntax: <PRE
-CLASS="programlisting"
-> [capacity filemark_size] device_name port_offset
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->capacity</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the amount of space on the partition that houses the backup data file that you want to make
- available for the file. To avoid the complications that arise from filling up the partition, it is best to provide
- a value somewhat smaller than the actual amount of space you expect to be available when the dump operation runs,
- and never larger than the maximum file size allowed by the operating system.</P
-><P
->Specify a numerical value followed by a letter that indicates units, with no intervening space. The letter
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->K</B
-></SPAN
-> indicates kilobytes, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
-> indicates megabytes, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->g</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> indicates gigabytes. If you omit the units letter,
- the default is kilobytes. If you leave this field empty, the Tape Coordinator uses the maximum acceptable value
- (2048 GB or 2 TB). Also leave the filemark_size field empty in that case.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->filemark_size</B
-></SPAN
-></DT
-><DD
-><P
->Specify the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) or leave both this field and the capacity field
- empty. In the latter case, the Tape Coordinator also uses the value zero.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->device_name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of the backup data file. Rather than specifying an actual file pathname,
- however, the recommended configuration is to create a symbolic link in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev</B
-></SPAN
->
- directory that points to the actual file pathname, and record the symbolic link in this field. This configuration
- provides these advantages: <UL
-><LI
-><P
->It makes the device_name portion of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name, of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name, and of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name
- filenames as short as possible. Because the symbolic link is in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev</B
-></SPAN
->
- directory as though it is a tape device, you strip off the entire <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/</B
-></SPAN
->
- prefix when forming the filename, instead of just the initial slash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->).
- If, for example, the symbolic link is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/FILE</B
-></SPAN
->, the device
- configuration file's name is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_FILE</B
-></SPAN
->, whereas if the actual pathname
- /<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->var/tmp/FILE</B
-></SPAN
-> appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
->
- file, the configuration file's name must be <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_var_tmp_FILE</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->It provides for a more graceful, and potentially automated, recovery if the Tape Coordinator cannot
- write a complete dump into the backup data file (for example, because the partition housing the backup data
- file becomes full). The Tape Coordinator's reaction to this problem is to invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> script, or to prompt you if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
->
- instruction does not appear in the configuration file. <UL
-><LI
-><P
->If there is a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> script, you can prepare for this situation
- by adding a subroutine to the script that changes the symbolic link to point to another backup data
- file on a partition where there is space available.</P
-></LI
-><LI
-><P
->If there is no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction, the prompt enables you
- manually to change the symbolic link to point to another backup data file and then press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Return</B
-></SPAN
->> to signal that the Tape Coordinator can continue the
- operation.</P
-></LI
-></UL
-></P
-><P
->If this field names the actual file, there is no way to recover from exhausting the space on the
- partition. You cannot change the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file in the middle of an
- operation.</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->port_offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number that you chose for the backup data file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Create the device configuration file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name in the Tape Coordinator
- machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE
- YES</B
-></SPAN
-> instruction in the file.</P
-><P
->Construct the device_name portion of the name based on the device name you recorded in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file in Step <A
-HREF="c12776.html#LITAPECONFIG-FILE"
->6</A
->. If, as recommended, you
- recorded a symbolic link name, strip off the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/</B
-></SPAN
-> string and replace any other slashes
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->) in the name with underscores (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->_</B
-></SPAN
->). For example,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_FILE</B
-></SPAN
-> is the appropriate name if the symbolic link is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/FILE</B
-></SPAN
->. If you recorded the name of an actual file, then strip off the initial slash only and
- replace any other slashes in the name with underscores. For a backup data file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/var/tmp/FILE</B
-></SPAN
->, the appropriate device configuration filename is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_var_tmp_FILE</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->If you chose in Step <A
-HREF="c12776.html#LITAPECONFIG-FILE"
->6</A
-> to record a symbolic link name in the device_name
- field of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> entry, then you must do one of the following: <UL
-><LI
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln -s</B
-></SPAN
-> command to create the appropriate symbolic link in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev</B
-></SPAN
-> directory</P
-></LI
-><LI
-><P
->Write a script that initializes the backup data file in this way, and include a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in the device configuration file to invoke the script. An example script
- appears following these instructions.</P
-></LI
-></UL
-></P
-></LI
-></OL
-><P
->You do not need to create the backup data file itself, because the Tape Coordinator does so if the file does not exist
- when the dump operation begins.</P
-><P
->The following example script illustrates how you can automatically create a symbolic link to the backup data file during
- the preparation phase for writing to the file. When the Tape Coordinator is executing a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dump</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup restore</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup restoredb</B
-></SPAN
-> operation, the routine invokes the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln -s</B
-></SPAN
-> command
- to create a symbolic link from the backup data file named in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file to the
- actual file to use (this is the recommended method). It uses the values of the <SAMP
-CLASS="computeroutput"
->tapename</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->tapeid</SAMP
-> parameters passed to it by the Backup System when constructing the filename.</P
-><P
->The routine makes use of two other parameters as well: <SAMP
-CLASS="computeroutput"
->tries</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->operation</SAMP
->. The <SAMP
-CLASS="computeroutput"
->tries</SAMP
-> parameter tracks how many times the
- Tape Coordinator has attempted to access the file. A value greater than one indicates that the Tape Coordinator cannot access
- it, and the routine returns exit code 2 (<SAMP
-CLASS="computeroutput"
->exit_interactive</SAMP
->), which results in a prompt for the
- operator to load a tape. The operator can use this opportunity to change the name of the backup data file specified in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file.</P
-><PRE
-CLASS="programlisting"
-> #! /bin/csh -f
- set devicefile = $1
- set operation = $2
- set tries = $3
- set tapename = $4
- set tapeid = $5
- set exit_continue = 0
- set exit_abort = 1
- set exit_interactive = 2
- #--------------------------------------------
- if (${tries} > 1) then
- echo "Too many tries"
- exit ${exit_interactive}
- endif
- if (${operation} == "labeltape") then
- echo "Won't label a tape/file"
- exit ${exit_abort}
- endif
- if ((${operation} == "dump") |\
- (${operation} == "appenddump") |\
- (${operation} == "restore") |\
- (${operation} == "savedb") |\
- (${operation} == "restoredb")) then
- /bin/rm -f ${devicefile}
- /bin/ln -s /hsm/${tapename}_${tapeid} ${devicefile}
- if (${status} != 0) exit ${exit_abort}
- endif
- exit ${exit_continue}
-</PRE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c8420.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c15383.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing Volumes</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Backing Up and Restoring AFS Data</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->An Overview of AFS Administration</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Concepts and Configuration Issues"
-HREF="p128.html"><LINK
-REL="PREVIOUS"
-TITLE="Concepts and Configuration Issues"
-HREF="p128.html"><LINK
-REL="NEXT"
-TITLE="Issues in Cell Configuration and Administration"
-HREF="c667.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="p128.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c667.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ5"
-></A
->Chapter 1. An Overview of AFS Administration</H1
-><P
->This chapter provides a broad overview of the concepts and organization of AFS. It is strongly recommended that anyone
- involved in administering an AFS cell read this chapter before beginning to issue commands.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ6"
->A Broad Overview of AFS</A
-></H1
-><P
->This section introduces most of the key terms and concepts necessary for a basic understanding of AFS. For a more detailed
- discussion, see <A
-HREF="c130.html#HDRWQ7"
->More Detailed Discussions of Some Basic Concepts</A
->.</P
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN137"
->AFS: A Distributed File System</A
-></H3
-><P
->AFS is a distributed file system that enables users to share and access all of the files stored in a network of
- computers as easily as they access the files stored on their local machines. The file system is called distributed for this
- exact reason: files can reside on many different machines (be distributed across them), but are available to users on every
- machine.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN140"
->Servers and Clients</A
-></H3
-><P
->In fact, AFS stores files on a subset of the machines in a network, called file server machines. File server machines
- provide file storage and delivery service, along with other specialized services, to the other subset of machines in the
- network, the client machines. These machines are called clients because they make use of the servers' services while doing
- their own work. In a standard AFS configuration, clients provide computational power, access to the files in AFS and other
- "general purpose" tools to the users seated at their consoles. There are generally many more client workstations than file
- server machines.</P
-><P
->AFS file server machines run a number of server processes, so called because each provides a distinct specialized
- service: one handles file requests, another tracks file location, a third manages security, and so on. To avoid confusion, AFS
- documentation always refers to server machines and server processes, not simply to servers. For a more detailed description of
- the server processes, see <A
-HREF="c130.html#HDRWQ17"
->AFS Server Processes and the Cache Manager</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN145"
->Cells</A
-></H3
-><P
->A cell is an administratively independent site running AFS. As a cell's system administrator, you make many decisions
- about configuring and maintaining your cell in the way that best serves its users, without having to consult the
- administrators in other cells. For example, you determine how many clients and servers to have, where to put files, and how to
- allocate client machines to users.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN148"
->Transparent Access and the Uniform Namespace</A
-></H3
-><P
->Although your AFS cell is administratively independent, you probably want to organize the local collection of files
- (your filespace or tree) so that users from other cells can also access the information in it. AFS enables cells to combine
- their local filespaces into a global filespace, and does so in such a way that file access is transparent--users do not need
- to know anything about a file's location in order to access it. All they need to know is the pathname of the file, which looks
- the same in every cell. Thus every user at every machine sees the collection of files in the same way, meaning that AFS
- provides a uniform namespace to its users.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN151"
->Volumes</A
-></H3
-><P
->AFS groups files into volumes, making it possible to distribute files across many machines and yet maintain a uniform
- namespace. A volume is a unit of disk space that functions like a container for a set of related files, keeping them all
- together on one partition. Volumes can vary in size, but are (by definition) smaller than a partition.</P
-><P
->Volumes are important to system administrators and users for several reasons. Their small size makes them easy to move
- from one partition to another, or even between machines. The system administrator can maintain maximum efficiency by moving
- volumes to keep the load balanced evenly. In addition, volumes correspond to directories in the filespace--most cells store
- the contents of each user home directory in a separate volume. Thus the complete contents of the directory move together when
- the volume moves, making it easy for AFS to keep track of where a file is at a certain time. Volume moves are recorded
- automatically, so users do not have to keep track of file locations.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN155"
->Efficiency Boosters: Replication and Caching</A
-></H3
-><P
->AFS incorporates special features on server machines and client machines that help make it efficient and
- reliable.</P
-><P
->On server machines, AFS enables administrators to replicate commonly-used volumes, such as those containing binaries for
- popular programs. Replication means putting an identical read-only copy (sometimes called a clone) of a volume on more than
- one file server machine. The failure of one file server machine housing the volume does not interrupt users' work, because the
- volume's contents are still available from other machines. Replication also means that one machine does not become
- overburdened with requests for files from a popular volume.</P
-><P
->On client machines, AFS uses caching to improve efficiency. When a user on a client workstation requests a file, the
- Cache Manager on the client sends a request for the data to the File Server process running on the proper file server machine.
- The user does not need to know which machine this is; the Cache Manager determines file location automatically. The Cache
- Manager receives the file from the File Server process and puts it into the cache, an area of the client machine's local disk
- or memory dedicated to temporary file storage. Caching improves efficiency because the client does not need to send a request
- across the network every time the user wants the same file. Network traffic is minimized, and subsequent access to the file is
- especially fast because the file is stored locally. AFS has a way of ensuring that the cached file stays up-to-date, called a
- callback.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H3
-CLASS="sect2"
-><A
-NAME="AEN160"
->Security: Mutual Authentication and Access Control Lists</A
-></H3
-><P
->Even in a cell where file sharing is especially frequent and widespread, it is not desirable that every user have equal
- access to every file. One way AFS provides adequate security is by requiring that servers and clients prove their identities
- to one another before they exchange information. This procedure, called mutual authentication, requires that both server and
- client demonstrate knowledge of a "shared secret" (like a password) known only to the two of them. Mutual authentication
- guarantees that servers provide information only to authorized clients and that clients receive information only from
- legitimate servers.</P
-><P
->Users themselves control another aspect of AFS security, by determining who has access to the directories they own. For
- any directory a user owns, he or she can build an access control list (ACL) that grants or denies access to the contents of
- the directory. An access control list pairs specific users with specific types of access privileges. There are seven separate
- permissions and up to twenty different people or groups of people can appear on an access control list.</P
-><P
->For a more detailed description of AFS's mutual authentication procedure, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed
- Look at Mutual Authentication</A
->. For further discussion of ACLs, see <A
-HREF="c31274.html"
->Managing Access Control
- Lists</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ7"
->More Detailed Discussions of Some Basic Concepts</A
-></H1
-><P
->The previous section offered a brief overview of the many concepts that an AFS system administrator needs to understand.
- The following sections examine some important concepts in more detail. Although not all concepts are new to an experienced
- administrator, reading this section helps ensure a common understanding of term and concepts.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ8"
->Networks</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->network</I
-></SPAN
-> is a collection of interconnected computers able to communicate with each other and
- transfer information back and forth.</P
-><P
->A networked computing environment contrasts with two types of computing environments: <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mainframe</I
-></SPAN
-> and
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->personal</I
-></SPAN
->. <UL
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mainframe</I
-></SPAN
-> computing environment is the most traditional. It uses a single powerful computer
- (the mainframe) to do the majority of the work in the system, both file storage and computation. It serves many users,
- who access their files and issue commands to the mainframe via terminals, which generally have only enough computing
- power to accept input from a keyboard and to display data on the screen.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->personal</I
-></SPAN
-> computing environment is a single small computer that serves one (or, at the most,
- a few) users. Like a mainframe computer, the single computer stores all the files and performs all computation. Like a
- terminal, the personal computer provides access to the computer through a keyboard and screen.</P
-></LI
-></UL
-></P
-><P
->A network can connect computers of any kind, but the typical network running AFS connects high-function personal
- workstations. Each workstation has some computing power and local disk space, usually more than a personal computer or
- terminal, but less than a mainframe. For more about the classes of machines used in an AFS environment, see <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ9"
->Distributed File Systems</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->file system</I
-></SPAN
-> is a collection of files and the facilities (programs and commands) that enable users
- to access the information in the files. All computing environments have file systems. In a mainframe environment, the file
- system consists of all the files on the mainframe's storage disks, whereas in a personal computing environment it consists of
- the files on the computer's local disk.</P
-><P
->Networked computing environments often use <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->distributed file systems</I
-></SPAN
-> like AFS. A distributed file
- system takes advantage of the interconnected nature of the network by storing files on more than one computer in the network
- and making them accessible to all of them. In other words, the responsibility for file storage and delivery is "distributed"
- among multiple machines instead of relying on only one. Despite the distribution of responsibility, a distributed file system
- like AFS creates the illusion that there is a single filespace.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ10"
->Servers and Clients</A
-></H2
-><P
->AFS uses a server/client model. In general, a server is a machine, or a process running on a machine, that provides
- specialized services to other machines. A client is a machine or process that makes use of a server's specialized service
- during the course of its own work, which is often of a more general nature than the server's. The functional distinction
- between clients and server is not always strict, however--a server can be considered the client of another server whose
- service it is using.</P
-><P
->AFS divides the machines on a network into two basic classes, <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->file server machines</I
-></SPAN
-> and
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->client machines</I
-></SPAN
->, and assigns different tasks and responsibilities to each.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->File Server Machines: </B
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->File server machines</I
-></SPAN
-> store the files in the distributed file system, and a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->server
- process</I
-></SPAN
-> running on the file server machine delivers and receives files. AFS file server machines run a number of
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->server processes</I
-></SPAN
->. Each process has a special function, such as maintaining databases important to AFS
- administration, managing security or handling volumes. This modular design enables each server process to specialize in one
- area, and thus perform more efficiently. For a description of the function of each AFS server process, see <A
-HREF="c130.html#HDRWQ17"
->AFS Server Processes and the Cache Manager</A
->.</P
-></DIV
-><P
->Not all AFS server machines must run all of the server processes. Some processes run on only a few machines because the
- demand for their services is low. Other processes run on only one machine in order to act as a synchronization site. See <A
-HREF="c3025.html#HDRWQ90"
->The Four Roles for File Server Machines</A
->.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->Client Machines: </B
->The other class of machines are the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->client machines</I
-></SPAN
->, which generally work directly for users,
- providing computational power and other general purpose tools. Clients also provide users with access to the files stored on
- the file server machines. Clients do not run any special processes per se, but do use a modified kernel that enables them to
- communicate with the AFS server processes running on the file server machines and to cache files. This collection of kernel
- modifications is referred to as the Cache Manager; see <A
-HREF="c130.html#HDRWQ28"
->The Cache Manager</A
->. There are usually
- many more client machines in a cell than file server machines.</P
-></DIV
-><DIV
-CLASS="formalpara"
-><P
-><B
->Client and Server Configuration: </B
->In the most typical AFS configuration, both file server machines and client machines are high-function workstations
- with disk drives. While this configuration is not required, it does have some advantages.</P
-></DIV
-><P
->There are several advantages to using personal workstations as file server machines. One is that it is easy to expand
- the network by adding another file server machine. It is also easy to increase storage space by adding disks to existing
- machines. Using workstations rather than more powerful mainframes makes it more economical to use multiple file server
- machines rather than one. Multiple file server machines provide an increase in system availability and reliability if popular
- files are available on more than one machine.</P
-><P
->The advantage of using workstations as clients is that caching on the local disk speeds the delivery of files to
- application programs. (For an explanation of caching, see <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->.) Diskless
- machines can access AFS if they are running NFS(R) and the NFS/AFS Translator, an optional component of the AFS
- distribution.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ11"
->Cells</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cell</I
-></SPAN
-> is an independently administered site running AFS. In terms of hardware, it consists of a
- collection of file server machines and client machines defined as belonging to the cell; a machine can only belong to one cell
- at a time. Users also belong to a cell in the sense of having an account in it, but unlike machines can belong to (have an
- account in) multiple cells. To say that a cell is administratively independent means that its administrators determine many
- details of its configuration without having to consult administrators in other cells or a central authority. For example, a
- cell administrator determines how many machines of different types to run, where to put files in the local tree, how to
- associate volumes and directories, and how much space to allocate to each user.</P
-><P
->The terms <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->local cell</I
-></SPAN
-> and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->home cell</I
-></SPAN
-> are equivalent, and refer to the cell in
- which a user has initially authenticated during a session, by logging onto a machine that belongs to that cell. All other
- cells are referred to as <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->foreign</I
-></SPAN
-> from the user's perspective. In other words, throughout a login session,
- a user is accessing the filespace through a single Cache Manager--the one on the machine to which he or she initially logged
- in--whose cell membership defines the local cell. All other cells are considered foreign during that login session, even if
- the user authenticates in additional cells or uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd</B
-></SPAN
-> command to change directories into
- their file trees.</P
-><P
->It is possible to maintain more than one cell at a single geographical location. For instance, separate departments on a
- university campus or in a corporation can choose to administer their own cells. It is also possible to have machines at
- geographically distant sites belong to the same cell; only limits on the speed of network communication determine how
- practical this is.</P
-><P
->Despite their independence, AFS cells generally agree to make their local filespace visible to other AFS cells, so that
- users in different cells can share files if they choose. If your cell is to participate in the "global" AFS namespace, it must
- comply with a few basic conventions governing how the local filespace is configured and how the addresses of certain file
- server machines are advertised to the outside world.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ12"
->The Uniform Namespace and Transparent Access</A
-></H2
-><P
->One of the features that makes AFS easy to use is that it provides transparent access to the files in a cell's
- filespace. Users do not have to know which file server machine stores a file in order to access it; they simply provide the
- file's pathname, which AFS automatically translates into a machine location.</P
-><P
->In addition to transparent access, AFS also creates a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->uniform namespace</I
-></SPAN
->--a file's pathname is
- identical regardless of which client machine the user is working on. The cell's file tree looks the same when viewed from any
- client because the cell's file server machines store all the files centrally and present them in an identical manner to all
- clients.</P
-><P
->To enable the transparent access and the uniform namespace features, the system administrator must follow a few simple
- conventions in configuring client machines and file trees. For details, see <A
-HREF="c667.html#HDRWQ39"
->Making Other Cells Visible
- in Your Cell</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ13"
->Volumes</A
-></H2
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume</I
-></SPAN
-> is a conceptual container for a set of related files that keeps them all together on one
- file server machine partition. Volumes can vary in size, but are (by definition) smaller than a partition. Volumes are the
- main administrative unit in AFS, and have several characteristics that make administrative tasks easier and help improve
- overall system performance. <UL
-><LI
-><P
->The relatively small size of volumes makes them easy to move from one partition to another, or even between
- machines.</P
-></LI
-><LI
-><P
->You can maintain maximum system efficiency by moving volumes to keep the load balanced evenly among the different
- machines. If a partition becomes full, the small size of individual volumes makes it easy to find enough room on other
- machines for them.</P
-></LI
-><LI
-><P
->Each volume corresponds logically to a directory in the file tree and keeps together, on a single partition, all
- the data that makes up the files in the directory. By maintaining (for example) a separate volume for each user's home
- directory, you keep all of the user's files together, but separate from those of other users. This is an administrative
- convenience that is impossible if the partition is the smallest unit of storage.</P
-></LI
-><LI
-><P
->The directory/volume correspondence also makes transparent file access possible, because it simplifies the process
- of file location. All files in a directory reside together in one volume and in order to find a file, a file server
- process need only know the name of the file's parent directory, information which is included in the file's pathname.
- AFS knows how to translate the directory name into a volume name, and automatically tracks every volume's location, even
- when a volume is moved from machine to machine. For more about the directory/volume correspondence, see <A
-HREF="c130.html#HDRWQ14"
->Mount Points</A
->.</P
-></LI
-><LI
-><P
->Volumes increase file availability through replication and backup.</P
-></LI
-><LI
-><P
->Replication (placing copies of a volume on more than one file server machine) makes the contents more reliably
- available; for details, see <A
-HREF="c130.html#HDRWQ15"
->Replication</A
->. Entire sets of volumes can be backed up to tape
- and restored to the file system; see <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-> and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->. In AFS, backup also refers to recording the state of a
- volume at a certain time and then storing it (either on tape or elsewhere in the file system) for recovery in the event
- files in it are accidentally deleted or changed. See <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->.</P
-></LI
-><LI
-><P
->Volumes are the unit of resource management. A space quota associated with each volume sets a limit on the maximum
- volume size. See <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ14"
->Mount Points</A
-></H2
-><P
->The previous section discussed how each volume corresponds logically to a directory in the file system: the volume keeps
- together on one partition all the data in the files residing in the directory. The directory that corresponds to a volume is
- called its <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->root directory</I
-></SPAN
->, and the mechanism that associates the directory and volume is called a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mount point</I
-></SPAN
->. A mount point is similar to a symbolic link in the file tree that specifies which volume
- contains the files kept in a directory. A mount point is not an actual symbolic link; its internal structure is
- different.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->You must not create a symbolic link to a file whose name begins with the number sign (#) or the percent sign (%),
- because the Cache Manager interprets such a link as a mount point to a regular or read/write volume, respectively.</P
-></BLOCKQUOTE
-></DIV
-><P
->The use of mount points means that many of the elements in an AFS file tree that look and function just like standard
- UNIX file system directories are actually mount points. In form, a mount point is a one-line file that names the volume
- containing the data for files in the directory. When the Cache Manager (see <A
-HREF="c130.html#HDRWQ28"
->The Cache Manager</A
->)
- encounters a mount point--for example, in the course of interpreting a pathname--it looks in the volume named in the mount
- point. In the volume the Cache Manager finds an actual UNIX-style directory element--the volume's root directory--that lists
- the files contained in the directory/volume. The next element in the pathname appears in that list.</P
-><P
->A volume is said to be <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mounted</I
-></SPAN
-> at the point in the file tree where there is a mount point pointing
- to the volume. A volume's contents are not visible or accessible unless it is mounted.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ15"
->Replication</A
-></H2
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Replication</I
-></SPAN
-> refers to making a copy, or <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->clone</I
-></SPAN
->, of a source read/write volume
- and then placing the copy on one or more additional file server machines in a cell. One benefit of replicating a volume is
- that it increases the availability of the contents. If one file server machine housing the volume fails, users can still
- access the volume on a different machine. No one machine need become overburdened with requests for a popular file, either,
- because the file is available from several machines.</P
-><P
->Replication is not necessarily appropriate for cells with limited disk space, nor are all types of volumes equally
- suitable for replication (replication is most appropriate for volumes that contain popular files that do not change very
- often). For more details, see <A
-HREF="c667.html#HDRWQ50"
->When to Replicate Volumes</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ16"
->Caching and Callbacks</A
-></H2
-><P
->Just as replication increases system availability, <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->caching</I
-></SPAN
-> increases the speed and efficiency of
- file access in AFS. Each AFS client machine dedicates a portion of its local disk or memory to a cache where it stores data
- temporarily. Whenever an application program (such as a text editor) running on a client machine requests data from an AFS
- file, the request passes through the Cache Manager. The Cache Manager is a portion of the client machine's kernel that
- translates file requests from local application programs into cross-network requests to the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->File Server
- process</I
-></SPAN
-> running on the file server machine storing the file. When the Cache Manager receives the requested data
- from the File Server, it stores it in the cache and then passes it on to the application program.</P
-><P
->Caching improves the speed of data delivery to application programs in the following ways:</P
-><UL
-><LI
-><P
->When the application program repeatedly asks for data from the same file, it is already on the local disk. The
- application does not have to wait for the Cache Manager to request and receive the data from the File Server.</P
-></LI
-><LI
-><P
->Caching data eliminates the need for repeated request and transfer of the same data, so network traffic is reduced.
- Thus, initial requests and other traffic can get through more quickly.</P
-></LI
-></UL
-><P
->While caching provides many advantages, it also creates the problem of maintaining consistency among the many cached
- copies of a file and the source version of a file. This problem is solved using a mechanism referred to as a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->callback</I
-></SPAN
->.</P
-><P
->A callback is a promise by a File Server to a Cache Manager to inform the latter when a change is made to any of the
- data delivered by the File Server. Callbacks are used differently based on the type of file delivered by the File Server:
- <UL
-><LI
-><P
->When a File Server delivers a writable copy of a file (from a read/write volume) to the Cache Manager, the File
- Server sends along a callback with that file. If the source version of the file is changed by another user, the File
- Server breaks the callback associated with the cached version of that file--indicating to the Cache Manager that it
- needs to update the cached copy.</P
-></LI
-><LI
-><P
->When a File Server delivers a file from a read-only volume to the Cache Manager, the File Server sends along a
- callback associated with the entire volume (so it does not need to send any more callbacks when it delivers additional
- files from the volume). Only a single callback is required per accessed read-only volume because files in a read-only
- volume can change only when a new version of the complete volume is released. All callbacks associated with the old
- version of the volume are broken at release time.</P
-></LI
-></UL
-></P
-><P
->The callback mechanism ensures that the Cache Manager always requests the most up-to-date version of a file. However, it
- does not ensure that the user necessarily notices the most current version as soon as the Cache Manager has it. That depends
- on how often the application program requests additional data from the File System or how often it checks with the Cache
- Manager.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ17"
->AFS Server Processes and the Cache Manager</A
-></H1
-><P
->As mentioned in <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->, AFS file server machines run a number of processes,
- each with a specialized function. One of the main responsibilities of a system administrator is to make sure that processes are
- running correctly as much of the time as possible, using the administrative services that the server processes provide.</P
-><P
->The following list briefly describes the function of each server process and the Cache Manager; the following sections
- then discuss the important features in more detail.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->File Server</I
-></SPAN
->, the most fundamental of the servers, delivers data files from the file server
- machine to local workstations as requested, and stores the files again when the user saves any changes to the files.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Basic OverSeer Server (BOS Server)</I
-></SPAN
-> ensures that the other server processes on its server machine
- are running correctly as much of the time as possible, since a server is useful only if it is available. The BOS Server relieves
- system administrators of much of the responsibility for overseeing system operations.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Authentication Server</I
-></SPAN
-> helps ensure that communications on the network are secure. It verifies
- user identities at login and provides the facilities through which participants in transactions prove their identities to one
- another (mutually authenticate). It maintains the Authentication Database.</P
-><P
->The Protection Server helps users control who has access to their files and directories. Users can grant access to several
- other users at once by putting them all in a group entry in the Protection Database maintained by the Protection Server.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Volume Server</I
-></SPAN
-> performs all types of volume manipulation. It helps the administrator move volumes
- from one server machine to another to balance the workload among the various machines.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Volume Location Server (VL Server)</I
-></SPAN
-> maintains the Volume Location Database (VLDB), in which it
- records the location of volumes as they move from file server machine to file server machine. This service is the key to
- transparent file access for users.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Update Server</I
-></SPAN
-> distributes new versions of AFS server process software and configuration
- information to all file server machines. It is crucial to stable system performance that all server machines run the same
- software.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Backup Server</I
-></SPAN
-> maintains the Backup Database, in which it stores information related to the Backup
- System. It enables the administrator to back up data from volumes to tape. The data can then be restored from tape in the event
- that it is lost from the file system.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Salvager</I
-></SPAN
-> is not a server in the sense that others are. It runs only after the File Server or
- Volume Server fails; it repairs any inconsistencies caused by the failure. The system administrator can invoke it directly if
- necessary.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Network Time Protocol Daemon (NTPD)</I
-></SPAN
-> is not an AFS server process per se, but plays a vital role
- nonetheless. It synchronizes the internal clock on a file server machine with those on other machines. Synchronized clocks are
- particularly important for correct functioning of the AFS distributed database technology (known as Ubik); see <A
-HREF="c3025.html#HDRWQ103"
->Configuring the Cell for Proper Ubik Operation</A
->. The NTPD is controlled by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->runntp</B
-></SPAN
-> process.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Cache Manager</I
-></SPAN
-> is the one component in this list that resides on AFS client rather than file
- server machines. It not a process per se, but rather a part of the kernel on AFS client machines that communicates with AFS
- server processes. Its main responsibilities are to retrieve files for application programs running on the client and to maintain
- the files in the cache.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ18"
->The File Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->File Server</I
-></SPAN
-> is the most fundamental of the AFS server processes and runs on each file server
- machine. It provides the same services across the network that the UNIX file system provides on the local disk: <UL
-><LI
-><P
->Delivering programs and data files to client workstations as requested and storing them again when the client
- workstation finishes with them.</P
-></LI
-><LI
-><P
->Maintaining the hierarchical directory structure that users create to organize their files.</P
-></LI
-><LI
-><P
->Handling requests for copying, moving, creating, and deleting files and directories.</P
-></LI
-><LI
-><P
->Keeping track of status information about each file and directory (including its size and latest modification
- time).</P
-></LI
-><LI
-><P
->Making sure that users are authorized to perform the actions they request on particular files or
- directories.</P
-></LI
-><LI
-><P
->Creating symbolic and hard links between files.</P
-></LI
-><LI
-><P
->Granting advisory locks (corresponding to UNIX locks) on request.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ19"
->The Basic OverSeer Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Basic OverSeer Server (BOS Server)</I
-></SPAN
-> reduces the demands on system administrators by constantly
- monitoring the processes running on its file server machine. It can restart failed processes automatically and provides a
- convenient interface for administrative tasks.</P
-><P
->The BOS Server runs on every file server machine. Its primary function is to minimize system outages. It also</P
-><UL
-><LI
-><P
->Constantly monitors the other server processes (on the local machine) to make sure they are running
- correctly.</P
-></LI
-><LI
-><P
->Automatically restarts failed processes, without contacting a human operator. When restarting multiple server
- processes simultaneously, the BOS server takes interdependencies into account and initiates restarts in the correct
- order.</P
-></LI
-><LI
-><P
->Accepts requests from the system administrator. Common reasons to contact BOS are to verify the status of server
- processes on file server machines, install and start new processes, stop processes either temporarily or permanently, and
- restart dead processes manually.</P
-></LI
-><LI
-><P
->Helps system administrators to manage system configuration information. The BOS server automates the process of
- adding and changing <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->server encryption keys</I
-></SPAN
->, which are important in mutual authentication. The BOS
- Server also provides a simple interface for modifying two files that contain information about privileged users and
- certain special file server machines. For more details about these configuration files, see <A
-HREF="c3025.html#HDRWQ85"
->Common
- Configuration Files in the /usr/afs/etc Directory</A
->.</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ20"
->The Authentication Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Authentication Server</I
-></SPAN
-> performs two main functions related to network security: <UL
-><LI
-><P
->Verifying the identity of users as they log into the system by requiring that they provide a password. The
- Authentication Server grants the user a token as proof to AFS server processes that the user has authenticated. For more
- on tokens, see <A
-HREF="c667.html#HDRWQ76"
->Complex Mutual Authentication</A
->.</P
-></LI
-><LI
-><P
->Providing the means through which server and client processes prove their identities to each other (mutually
- authenticate). This helps to create a secure environment in which to send cross-network messages.</P
-></LI
-></UL
-></P
-><P
->In fulfilling these duties, the Authentication Server utilizes algorithms and other procedures known as
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Kerberos</I
-></SPAN
-> (which is why many commands used to contact the Authentication Server begin with the letter
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
->). This technology was originally developed by the Massachusetts Institute of Technology's
- Project Athena.</P
-><P
->The Authentication Server also maintains the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Authentication Database</I
-></SPAN
->, in which it stores user
- passwords converted into encryption key form as well as the AFS server encryption key. To learn more about the procedures AFS
- uses to verify user identity and during mutual authentication, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual
- Authentication</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ21"
->The Protection Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Protection Server</I
-></SPAN
-> is the key to AFS's refinement of the normal UNIX methods for protecting
- files and directories from unauthorized use. The refinements include the following: <UL
-><LI
-><P
->Defining seven access permissions rather than the standard UNIX file system's three. In conjunction with the UNIX
- mode bits associated with each file and directory element, AFS associates an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control list
- (ACL)</I
-></SPAN
-> with each directory. The ACL specifies which users have which of the seven specific permissions for the
- directory and all the files it contains. For a definition of AFS's seven access permissions and how users can set them
- on access control lists, see <A
-HREF="c31274.html"
->Managing Access Control Lists</A
->.</P
-></LI
-><LI
-><P
->Enabling users to grant permissions to numerous individual users--a different combination to each individual if
- desired. UNIX protection distinguishes only between three user or groups: the owner of the file, members of a single
- specified group, and everyone who can access the local file system.</P
-></LI
-><LI
-><P
->Enabling users to define their own groups of users, recorded in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Protection Database</I
-></SPAN
->
- maintained by the Protection Server. The groups then appear on directories' access control lists as though they were
- individuals, which enables the granting of permissions to many users simultaneously.</P
-></LI
-><LI
-><P
->Enabling system administrators to create groups containing client machine IP addresses to permit access when it
- originates from the specified client machines. These types of groups are useful when it is necessary to adhere to
- machine-based licensing restrictions.</P
-></LI
-></UL
-></P
-><P
->The Protection Server's main duty is to help the File Server determine if a user is authorized to access a file in the
- requested manner. The Protection Server creates a list of all the groups to which the user belongs. The File Server then
- compares this list to the ACL associated with the file's parent directory. A user thus acquires access both as an individual
- and as a member of any groups.</P
-><P
->The Protection Server also maps usernames (the name typed at the login prompt) to <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->AFS user ID</I
-></SPAN
->
- numbers (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->AFS UIDs</I
-></SPAN
->). These UIDs are functionally equivalent to UNIX UIDs, but operate in the domain of AFS
- rather than in the UNIX file system on a machine's local disk. This conversion service is essential because the tokens that
- the Authentication Server grants to authenticated users are stamped with usernames (to comply with Kerberos standards). The
- AFS server processes identify users by AFS UID, not by username. Before they can understand whom the token represents, they
- need the Protection Server to translate the username into an AFS UID. For further discussion of tokens, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ22"
->The Volume Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Volume Server</I
-></SPAN
-> provides the interface through which you create, delete, move, and replicate
- volumes, as well as prepare them for archiving to tape or other media (backing up). <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- explained the advantages gained by storing files in volumes. Creating and deleting volumes are necessary when adding and
- removing users from the system; volume moves are done for load balancing; and replication enables volume placement on multiple
- file server machines (for more on replication, see <A
-HREF="c130.html#HDRWQ15"
->Replication</A
->).</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ23"
->The Volume Location (VL) Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->VL Server</I
-></SPAN
-> maintains a complete list of volume locations in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Volume Location
- Database (VLDB)</I
-></SPAN
->. When the Cache Manager (see <A
-HREF="c130.html#HDRWQ28"
->The Cache Manager</A
->) begins to fill a
- file request from an application program, it first contacts the VL Server in order to learn which file server machine
- currently houses the volume containing the file. The Cache Manager then requests the file from the File Server process running
- on that file server machine.</P
-><P
->The VLDB and VL Server make it possible for AFS to take advantage of the increased system availability gained by using
- multiple file server machines, because the Cache Manager knows where to find a particular file. Indeed, in a certain sense the
- VL Server is the keystone of the entire file system--when the information in the VLDB is inaccessible, the Cache Manager
- cannot retrieve files, even if the File Server processes are working properly. A list of the information stored in the VLDB
- about each volume is provided in <A
-HREF="c8420.html#HDRWQ180"
->Volume Information in the VLDB</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ24"
->The Update Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Update Server</I
-></SPAN
-> helps guarantee that all file server machines are running the same version of a
- server process. System performance can be inconsistent if some machines are running one version of the BOS Server (for
- example) and other machines were running another version.</P
-><P
->To ensure that all machines run the same version of a process, install new software on a single file server machine of
- each system type, called the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->binary distribution machine</I
-></SPAN
-> for that type. The binary distribution machine
- runs the server portion of the Update Server, whereas all the other machines of that type run the client portion of the Update
- Server. The client portions check frequently with the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->server portion</I
-></SPAN
-> to see if they are running the right
- version of every process; if not, the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->client portion</I
-></SPAN
-> retrieves the right version from the binary
- distribution machine and installs it locally. The system administrator does not need to remember to install new software
- individually on all the file server machines: the Update Server does it automatically. For more on binary distribution
- machines, see <A
-HREF="c3025.html#HDRWQ93"
->Binary Distribution Machines</A
->.</P
-><P
->In cells that run the United States edition of AFS, the Update Server also distributes configuration files that all file
- server machines need to store on their local disks (for a description of the contents and purpose of these files, see <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->). As with server process software, the need
- for consistent system performance demands that all the machines have the same version of these files. With the United States
- edition, the system administrator needs to make changes to these files on one machine only, the cell's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->system
- control machine</I
-></SPAN
->, which runs a server portion of the Update Server. All other machines in the cell run a client
- portion that accesses the correct versions of these configuration files from the system control machine. Cells running the
- international edition of AFS do not use a system control machine to distribute configuration files. For more information, see
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ25"
->The Backup Server</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Backup Server</I
-></SPAN
-> maintains the information in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Backup Database</I
-></SPAN
->. The Backup
- Server and the Backup Database enable administrators to back up data from AFS volumes to tape and restore it from tape to the
- file system if necessary. The server and database together are referred to as the Backup System.</P
-><P
->Administrators initially configure the Backup System by defining sets of volumes to be dumped together and the schedule
- by which the sets are to be dumped. They also install the system's tape drives and define the drives' <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Tape
- Coordinators</I
-></SPAN
->, which are the processes that control the tape drives.</P
-><P
->Once the Backup System is configured, user and system data can be dumped from volumes to tape. In the event that data is
- ever lost from the system (for example, if a system or disk failure causes data to be lost), administrators can restore the
- data from tape. If tapes are periodically archived, or saved, data can also be restored to its state at a specific time.
- Additionally, because Backup System data is difficult to reproduce, the Backup Database itself can be backed up to tape and
- restored if it ever becomes corrupted. For more information on configuring and using the Backup System, see <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-> and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS
- Data</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ26"
->The Salvager</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Salvager</I
-></SPAN
-> differs from other AFS Servers in that it runs only at selected times. The BOS Server
- invokes the Salvager when the File Server, Volume Server, or both fail. The Salvager attempts to repair disk corruption that
- can result from a failure.</P
-><P
->As a system administrator, you can also invoke the Salvager as necessary, even if the File Server or Volume Server has
- not failed. See <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ27"
->The Network Time Protocol Daemon</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Network Time Protocol Daemon (NTPD)</I
-></SPAN
-> is not an AFS server process per se, but plays an important
- role. It helps guarantee that all of the file server machines agree on the time. The NTPD on one file server machine acts as a
- synchronization site, generally learning the correct time from a source outside the cell. The NTPDs on the other file server
- machines refer to the synchronization site to set the internal clocks on their machines.</P
-><P
->Keeping clocks synchronized is particularly important to the correct operation of AFS's distributed database technology,
- which coordinates the copies of the Authentication, Backup, Protection, and Volume Location Databases; see <A
-HREF="c667.html#HDRWQ52"
->Replicating the AFS Administrative Databases</A
->. Client machines also refer to these clocks for the
- correct time; therefore, it is less confusing if all file server machines have the same time. For more technical detail about
- the NTPD, see <A
-HREF="c6449.html#HDRWQ151"
->The runntp Process</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ28"
->The Cache Manager</A
-></H2
-><P
->As already mentioned in <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->, the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Cache Manager</I
-></SPAN
-> is
- the one component in this section that resides on client machines rather than on file server machines. It is not technically a
- stand-alone process, but rather a set of extensions or modifications in the client machine's kernel that enable communication
- with the server processes running on server machines. Its main duty is to translate file requests (made by application
- programs on client machines) into <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->remote procedure calls (RPCs)</I
-></SPAN
-> to the File Server. (The Cache Manager
- first contacts the VL Server to find out which File Server currently houses the volume that contains a requested file, as
- mentioned in <A
-HREF="c130.html#HDRWQ23"
->The Volume Location (VL) Server</A
->). When the Cache Manager receives the requested
- file, it caches it before passing data on to the application program.</P
-><P
->The Cache Manager also tracks the state of files in its cache compared to the version at the File Server by storing the
- callbacks sent by the File Server. When the File Server breaks a callback, indicating that a file or volume changed, the Cache
- Manager requests a copy of the new version before providing more data to application programs.</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="p128.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c667.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Concepts and Configuration Issues</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p128.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Issues in Cell Configuration and Administration</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Backing Up and Restoring AFS Data</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"><LINK
-REL="PREVIOUS"
-TITLE="Configuring the AFS Backup System"
-HREF="c12776.html"><LINK
-REL="NEXT"
-TITLE="Monitoring and Auditing AFS Performance"
-HREF="c18360.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c12776.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c18360.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ283"
-></A
->Chapter 7. Backing Up and Restoring AFS Data</H1
-><P
->The instructions in this chapter explain how to back up and restore AFS data and to administer the Backup Database. They
- assume that you have already configured all of the Backup System components by following the instructions in <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
->.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ284"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN15390"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Enter interactive mode</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup (interactive)</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Leave interactive mode</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) quit</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->List operations in interactive mode</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) jobs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Cancel operation in interactive mode</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Start Tape Coordinator</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Stop Tape Coordinator</TD
-><TD
-><<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->></TD
-></TR
-><TR
-><TD
->Check status of Tape Coordinator</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup status</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Back up data</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display dump records</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display volume's dump history</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Scan contents of tape</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Restore volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Restore partition</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Restore group of volumes</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Verify integrity of Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dbverify</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Repair corruption in Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup restoredb</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete dump set from Backup Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ286"
->Using the Backup System's Interfaces</A
-></H1
-><P
->When performing backup operations, you interact with three Backup System components: <UL
-><LI
-><P
->You initiate backup operations by issuing commands from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> suite. You can
- issue the commands in a command shell (or invoke them in a shell script) on any AFS client or server machine from which
- you can access the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> binary. In the conventional configuration, the binary resides
- in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory on a server machine and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc</B
-></SPAN
-> directory on a client machine.</P
-><P
->The suite provides an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->interactive mode</I
-></SPAN
->, in which you can issue multiple commands over a
- persistent connection to the Backup Server and the Volume Location (VL) Server. Interactive mode has several convenient
- features. For a discussion and instructions, see <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command
- Mode</A
->.</P
-><P
->Note that some operating systems include a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command of their own. You must
- configure machines that run such an operating system to ensure that you are accessing the desired <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> binary.</P
-></LI
-><LI
-><P
->Before you perform a backup operation that involves reading or writing to a tape device or backup data file, you
- must open a dedicated connection to the appropriate Tape Coordinator machine and start the Tape Coordinator (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->) process that handles the device or file. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> process
- must continue to run over the dedicated connection as long as it is executing an operation or is to be available to
- execute one. For further discussion and instructions, see <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape
- Coordinator Process</A
->.</P
-></LI
-><LI
-><P
->The Backup Server (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver</B
-></SPAN
->) process must be running on database server machines,
- because most backup operations require accessing or changing information in the Backup Database. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- Quick Beginnings</I
-></SPAN
-> explains how to configure the Backup Server.</P
-></LI
-></UL
-></P
-><P
->For consistent Backup System performance, the AFS build level of all three binaries (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver</B
-></SPAN
->) must match.
- For instructions on displaying the build level, see <A
-HREF="c3025.html#HDRWQ117"
->Displaying A Binary File's Build
- Level</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ287"
->Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A
-></H2
-><P
->By default, the volumes and Backup Database involved in a backup operation must reside on server machines that belong to
- the cell named in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> files on both the Tape Coordinator machine and
- the machine where you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command. Also, to issue most <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands you must have AFS tokens for an identity listed in the local cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file (which by convention is the same on every server machine in a cell). You
- can, however, perform backup operations on volumes or the Backup Database from a foreign cell, or perform backup operations
- while logged in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> rather than as a privileged AFS identity.</P
-><P
->To perform backup operations on volumes that reside in a foreign cell using machines from the local cell, you must
- designate the foreign cell as the cell of execution for both the Tape Coordinator and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter. Use one of the two following methods. For either method, you must also have
- tokens as an administrator listed in the foreign cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file.
- <UL
-><LI
-><P
->Before issuing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->
- command, set the AFSCELL environment variable to the foreign cell name in both command shells.</P
-></LI
-><LI
-><P
->Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> and all
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands. If you include the argument on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- (interactive)</B
-></SPAN
-> command, it applies to all commands issued during the interactive session.</P
-></LI
-></UL
-></P
-><P
->To perform backup operations without having administrative AFS tokens, you must log on as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on both the Tape Coordinator machine and the machine where you issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands. Both machines must be server machines, or at least have a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file that matches the file on other server machines. Then include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> argument on both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command and all <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands (or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup (interactive)</B
-></SPAN
-> command). The Tape
- Coordinator and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter construct a server ticket using the server
- encryption key with the highest key version number in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file,
- and present it to the Backup Server, Volume Server, and VL Server that belong to the cell named in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/ThisCell</B
-></SPAN
-> file. The ticket never expires.</P
-><P
->You cannot combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> options on
- the same command. Also, each one overrides the local cell setting defined by the AFSCELL environment variable or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ288"
->Using Interactive and Regular Command Mode</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command suite provides an interactive mode, in which you can issue multiple
- commands over a persistent connection to the Backup Server and the VL Server. Interactive mode provides the following
- features: <UL
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->backup></SAMP
-> prompt replaces the usual command shell prompt.</P
-></LI
-><LI
-><P
->You omit the initial <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> string from command names. Type only the operation
- code and option names.</P
-></LI
-><LI
-><P
->You cannot issue commands that do not belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> suite.</P
-></LI
-><LI
-><P
->If you assume an administrative AFS identity or specify a foreign cell as you enter interactive mode, it applies
- to all commands issued during the interactive session. See <A
-HREF="c15383.html#HDRWQ287"
->Performing Backup Operations as the
- Local Superuser Root or in a Foreign Cell</A
->.</P
-></LI
-><LI
-><P
->You do not need to enclose shell metacharacters in double quotes.</P
-></LI
-></UL
-></P
-><P
->When you initiate a backup operation in interactive mode, the Backup System assigns it a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->job ID
- number</I
-></SPAN
->. You can display the list of current and pending operations with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup)
- jobs</B
-></SPAN
-> command, for which instructions appear in <A
-HREF="c15383.html#HDRWQ289"
->To display pending or running jobs in
- interactive mode</A
->. (In both regular and interactive modes, the Tape Coordinator also assigns a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->task ID
- number</I
-></SPAN
-> to each operation you initiate with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command. You can track task ID
- numbers with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup status</B
-></SPAN
-> command. See <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping
- the Tape Coordinator Process</A
->.)</P
-><P
->You can cancel an operation in interactive mode with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command, for
- which instructions appear in <A
-HREF="c15383.html#HDRWQ290"
->To cancel operations in interactive mode</A
->. However, it is best not
- to interrupt a dump operation because the resulting dump is incomplete, and interrupting a restore operation can leave volumes
- in an inconsistent state, or even completely remove them from the server machine. For further discussion, see <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
-> and <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) jobs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> commands are
- available only in interactive mode and there is no equivalent functionality in regular command mode.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_325"
->To enter interactive mode</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. Entering interactive mode does not itself require privilege, but most other <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- commands do, and the AFS identity you assume when entering the mode applies to all commands you issue within it. If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup (interactive)</B
-></SPAN
-> command at the system prompt. The
- <SAMP
-CLASS="computeroutput"
->backup></SAMP
-> prompt appears. You can include either, but not both, of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> options, as discussed in <A
-HREF="c15383.html#HDRWQ287"
->Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- backup>
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_326"
->To exit interactive mode</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quit</B
-></SPAN
-> command at the <SAMP
-CLASS="computeroutput"
->backup></SAMP
-> prompt.
- The command shell prompt reappears when the command succeeds, which it does only if there are no jobs pending or currently
- running. To display and cancel pending or running jobs, follow the instructions in <A
-HREF="c15383.html#HDRWQ289"
->To display
- pending or running jobs in interactive mode</A
-> and <A
-HREF="c15383.html#HDRWQ290"
->To cancel operations in interactive
- mode</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quit</B
-></SPAN
->
- %
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ289"
->To display pending or running jobs in interactive mode</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jobs</B
-></SPAN
-> command at the <SAMP
-CLASS="computeroutput"
->backup></SAMP
-> prompt.
- <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jobs</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->j</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jobs</B
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output always includes the expiration date and time of the tokens that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- command interpreter is using during the current interactive session, in the following format:</P
-><PRE
-CLASS="programlisting"
-> date time: TOKEN EXPIRATION
-</PRE
-><P
->If the execution date and time specified for a scheduled dump operation is later than <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->date time</I
-></SPAN
->,
- then its individual line (as described in the following paragraphs) appears below this line to indicate that the current
- tokens will not be available to it.</P
-><P
->If the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command included the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> flag when entering interactive mode, the line instead reads as follows:</P
-><PRE
-CLASS="programlisting"
-> : TOKEN NEVER EXPIRES
-</PRE
-><P
->The entry for a scheduled dump operation has the following format:</P
-><PRE
-CLASS="programlisting"
-> Job job_ID: timestamp: dump volume_set dump_level
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->job_ID</B
-></SPAN
-></DT
-><DD
-><P
->Is a job identification number assigned by the Backup System.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->timestamp</B
-></SPAN
-></DT
-><DD
-><P
->Indicates the date and time the dump operation is to begin, in the format month/date/year hours:minutes (in
- 24-hour format)</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume_set</B
-></SPAN
-></DT
-><DD
-><P
->Indicates the volume set to dump.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump_level</B
-></SPAN
-></DT
-><DD
-><P
->Indicates the dump level at which to perform the dump operation.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The line for a pending or running operation of any other type has the following format:</P
-><PRE
-CLASS="programlisting"
-> Job job_ID: operation status
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->job_ID</B
-></SPAN
-></DT
-><DD
-><P
->Is a job identification number assigned by the Backup System.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->operation</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the operation the Tape Coordinator is performing, which is initiated by the indicated command:
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Dump</SAMP
-> (dump name)</B
-></SPAN
-></DT
-><DD
-><P
->Initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command. The dump name has the following
- format:</P
-><P
->volume_set_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->dump_level_name</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Restore</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volrestore</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Labeltape</SAMP
-> (tape_label)</B
-></SPAN
-></DT
-><DD
-><P
->Initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command. The tape_label is the name
- specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pname</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Scantape</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->SaveDb</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->RestoreDb</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup restoredb</B
-></SPAN
-> command.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->status</B
-></SPAN
-></DT
-><DD
-><P
->Indicates the job's current status in one of the following messages. If no message appears, the job is either
- still pending or has finished. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->number <SAMP
-CLASS="computeroutput"
->Kbytes, volume volume_name</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->For a running dump operation, indicates the number of kilobytes copied to tape or a backup data file so
- far, and the volume currently being dumped.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->number <SAMP
-CLASS="computeroutput"
->Kbytes, restore.volume</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->For a running restore operation, indicates the number of kilobytes copied into AFS from a tape or a
- backup data file so far.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[abort requested]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command was issued, but the termination signal has
- yet to reach the Tape Coordinator.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[abort sent]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The operation is canceled by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command. Once the Backup
- System removes an operation from the queue or stops it from running, it no longer appears at all in the output
- from the command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[butc contact lost]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter cannot reach the Tape Coordinator. The
- message can mean either that the Tape Coordinator handling the operation was terminated or failed while the
- operation was running, or that the connection to the Tape Coordinator timed out.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[done]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The Tape Coordinator has finished the operation.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[drive wait]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The operation is waiting for the specified tape drive to become free.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[operator wait]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The Tape Coordinator is waiting for the backup operator to insert a tape in the drive.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ290"
->To cancel operations in interactive mode</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jobs</B
-></SPAN
-> command at the <SAMP
-CLASS="computeroutput"
->backup></SAMP
-> prompt,
- to learn the job ID number of the operation you want to cancel. For details, see <A
-HREF="c15383.html#HDRWQ289"
->To display
- pending or running jobs in interactive mode</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jobs</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command to cancel the operation. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kill</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->job ID or dump set name</I
-></SPAN
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kill</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->job ID or dump set name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies either the job ID number of the operation to cancel, as reported by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jobs</B
-></SPAN
-> command, or for a dump operation only, the dump name in the format
- volume_set_name.dump_level_name.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
-></H2
-><P
->Before performing a backup operation that reads from or writes to a tape device or backup data file, you must start the
- Tape Coordinator (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->) process that handles the drive or file. This section explains how to
- start, stop, and check the status of a Tape Coordinator process. To use these instructions, you must have already configured
- the Tape Coordinator machine and created a Tape Coordinator entry in the Backup Database, as instructed in <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
->.</P
-><P
->The Tape Coordinator assigns a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->task ID number</I
-></SPAN
-> to each operation it performs. The number is distinct
- from the job ID number assigned by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter in interactive mode (which
- is discussed in <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->). The Tape Coordinator reports the
- task ID number in its onscreen trace and in the messages that it writes to its log and error files. To view the task ID
- numbers of a Tape Coordinator's running or pending operations, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup status</B
-></SPAN
->
- command.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ292"
->To start a Tape Coordinator process</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file of the cell in which the Tape Coordinator is to access volume data and the Backup Database. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display
- the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-><P
->Alternately, you can log into a file server machine as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> in
- Step <A
-HREF="c15383.html#LIWQ293"
->3</A
->.</P
-></LI
-><LI
-><P
->Verify that you can write to the Tape Coordinator's log and error files in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name files). If the log and error files do not already exist, you must be able to insert
- and write to files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ293"
-></A
->Open a connection (using a command such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlogin</B
-></SPAN
->) to the Tape Coordinator machine that drives the tape device, or whose local disk
- houses the backup data file. The Tape Coordinator uses a devoted connection or window that must remain open for the Tape
- Coordinator to accept requests and while it is executing them.</P
-><P
->If you plan to include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command in the next step, log in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ294"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command to start the Tape Coordinator. You
- can include either, but not both, of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> options, as discussed in <A
-HREF="c15383.html#HDRWQ287"
->Performing Backup Operations as the Local
- Superuser Root or in a Foreign Cell</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debuglevel</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->trace level</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cellname</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the Tape Coordinator's port offset number. You must provide this argument unless the default value
- of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is appropriate.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debuglevel</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the type of trace messages that the Tape Coordinator writes to the standard output stream
- (stdout). Provide one of the following three values, or omit this argument to display the default type of messages
- (equivalent to setting a value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> [zero]): <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->: The Tape Coordinator generates only the minimum number of messages
- necessary to communicate with the backup operator, including prompts for insertion of additional tapes and
- messages that indicate errors or the beginning or completion of operations.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
->: In addition to the messages displayed at level <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->, the Tape Coordinator displays the name of each volume being dumped or
- restored.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2</B
-></SPAN
->: In addition to the messages displayed at levels <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
->, the Tape Coordinator displays all of the
- messages it is also writing to its log file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/TL_</B
-></SPAN
->device_name).</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cellname</B
-></SPAN
-></DT
-><DD
-><P
->Names the cell in which to perform the backup operations (the cell where the relevant volumes reside and the
- Backup Server process is running). If you omit this argument, the Tape Coordinator uses its home cell, as defined
- in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file. Do not combine this argument with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-></DT
-><DD
-><P
->Disables the Tape Coordinator's prompt for the first tape it needs for each operation. For a description of
- the advantages and consequences of including this flag, see <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or
- Prompt for the Initial Tape</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-></DT
-><DD
-><P
->Constructs a server ticket using a key from the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
->
- file. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> process presents it to the Backup Server, Volume Server, and VL
- Server during mutual authentication. You must be logged into a file server machine as the local superuser
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> to include this flag, and cannot combine it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_331"
->To stop a Tape Coordinator process</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Enter an interrupt signal such as <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->> over the dedicated connection to
- the Tape Coordinator.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ295"
->To check the status of a Tape Coordinator process</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup status</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup status</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->st</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->status</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the Tape Coordinator's port offset number. You must provide this argument unless the default value
- of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The following message indicates that the Tape Coordinator is not currently performing an operation:</P
-><PRE
-CLASS="programlisting"
-> Tape coordinator is idle
-</PRE
-><P
->Otherwise, the output includes a message of the following format for each running or pending operation:</P
-><PRE
-CLASS="programlisting"
-> Task task_ID: operation: status
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->task_ID</B
-></SPAN
-></DT
-><DD
-><P
->Is a task identification number assigned by the Tape Coordinator. It begins with the Tape Coordinator's port
- offset number.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->operation</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the operation the Tape Coordinator is performing, which is initiated by the indicated command:
- <UL
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Dump</SAMP
-> (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command)</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Restore</SAMP
-> (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
->
- commands)</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Labeltape</SAMP
-> (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
->
- command)</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Scantape</SAMP
-> (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
->
- command)</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->SaveDb</SAMP
-> (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
->
- command)</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->RestoreDb</SAMP
-> (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup restoredb</B
-></SPAN
->
- command)</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->status</B
-></SPAN
-></DT
-><DD
-><P
->Indicates the job's current status in one of the following messages. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->number <SAMP
-CLASS="computeroutput"
->Kbytes transferred, volume</SAMP
->
- volume_name</B
-></SPAN
-></DT
-><DD
-><P
->For a running dump operation, indicates the number of kilobytes copied to tape or a backup data file so
- far, and the volume currently being dumped.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->number <SAMP
-CLASS="computeroutput"
->Kbytes, restore.volume</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->For a running restore operation, indicates the number of kilobytes copied into AFS from a tape or a
- backup data file so far.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[abort requested]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command was issued, but the termination signal has
- yet to reach the Tape Coordinator.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[abort sent]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The operation is canceled by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command. Once the Backup
- System removes an operation from the queue or stops it from running, it no longer appears at all in the output
- from the command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[butc contact lost]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter cannot reach the Tape Coordinator. The
- message can mean either that the Tape Coordinator handling the operation was terminated or failed while the
- operation was running, or that the connection to the Tape Coordinator timed out.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[done]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The Tape Coordinator has finished the operation.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[drive wait]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The operation is waiting for the specified tape drive to become free.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->[operator wait]</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The Tape Coordinator is waiting for the backup operator to insert a tape in the drive.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></P
-><P
->If the Tape Coordinator is communicating with an XBSA server (a third-party backup utility that implements the Open
- Group's Backup Service API [XBSA]), the following message appears last in the output:</P
-><PRE
-CLASS="programlisting"
-> XBSA_program Tape coordinator
-</PRE
-><P
->where XBSA_program is the name of the XBSA-compliant program.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ296"
->Backing Up Data</A
-></H1
-><P
->This section explains how to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command to back up AFS data to tape or
- to a backup data file. The instructions assume that you understand Backup System concepts and have already configured the Backup
- System according to the instructions in <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
->. Specifically, you
- must already have: <UL
-><LI
-><P
->Decided whether to dump data to tape or to a backup data file, and configured the Tape Coordinator machine and Tape
- Coordinator process appropriately. See <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape
- Devices</A
-> and <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a Backup Data File</A
->.</P
-></LI
-><LI
-><P
->Defined a volume set that includes the volumes you want to dump together. See <A
-HREF="c12776.html#HDRWQ265"
->Defining and
- Displaying Volume Sets and Volume Entries</A
->.</P
-></LI
-><LI
-><P
->Defined the dump level in the dump hierarchy at which you want to dump the volume set. If it is an incremental dump
- level, you must have previously created a dump at its parent level. See <A
-HREF="c12776.html#HDRWQ267"
->Defining and Displaying
- the Dump Hierarchy</A
->.</P
-></LI
-><LI
-><P
->Created a device configuration file. Such a file is required for each tape stacker, jukebox device, or backup data
- file. You can also use it to configure the Backup System's automation features. See <A
-HREF="c12776.html#HDRWQ275"
->Automating
- and Increasing the Efficiency of the Backup Process</A
->.</P
-></LI
-></UL
-></P
-><P
->The most basic way to perform a dump operation is to create an initial dump of a single volume set as soon as the
- appropriate Tape Coordinator is available, by providing only the required arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dump</B
-></SPAN
-> command. Instructions appear in <A
-HREF="c15383.html#HDRWQ301"
->To create a dump</A
->. The command has several
- optional arguments that you can use to increase the efficiency and flexibility of your backup procedures: <UL
-><LI
-><P
->To append a dump to the end of a set of tapes that already contains other dumps, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-> argument. Otherwise, the Backup System creates an initial dump. Appending dumps enables you
- to use a tape's full capacity and has other potentially useful features. For a discussion, see <A
-HREF="c15383.html#HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
->.</P
-></LI
-><LI
-><P
->To schedule one or more dump operations to run at a future time, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
->
- argument. For a discussion and instructions, see <A
-HREF="c15383.html#HDRWQ300"
->Scheduling Dumps</A
->.</P
-></LI
-><LI
-><P
->To initiate a number of dump operations with a single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command, include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument to name a file in which you have listed the commands. For a discussion
- and instructions, see <A
-HREF="c15383.html#HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
-> and <A
-HREF="c15383.html#HDRWQ300"
->Scheduling Dumps</A
->.</P
-></LI
-><LI
-><P
->To generate a list of the volumes to be included in a dump, without actually dumping them, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> flag with the other arguments to be used on the actual command.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ297"
->Making Backup Operations More Efficient</A
-></H2
-><P
->There are several ways to make dump operations more efficient, less prone to error, and less disruptive to your users.
- Several of them also simplify the process of restoring data if that becomes necessary. <UL
-><LI
-><P
->It is best not to dump the read/write or read-only version of a volume, because no other users or processes can
- access a volume while it is being dumped. Instead, shortly before the dump operation begins, create a backup version of
- each volume to be dumped, and dump the backup version. Creating a Backup version usually makes the source volume
- unavailable for just a few moments (during which access attempts by other processes are blocked but do not fail). To
- automate the creation of backup volumes, you can create a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-> process in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file on one or more server machines, setting its start time at a
- sufficient interval before the dump operation is to begin. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
->
- argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command to
- enable it to run without administrative tokens. For instructions, see <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new
- process</A
->.</P
-></LI
-><LI
-><P
->The volume set, dump level, and Tape Coordinator port offset you specify on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dump</B
-></SPAN
-> command line must be properly defined in the Backup Database. The Backup System checks the database
- before beginning a dump operation and halts the command immediately if any of the required entities are missing. If
- necessary, use the indicated commands: <UL
-><LI
-><P
->To display volume sets, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listvolsets</B
-></SPAN
-> command as described in
- <A
-HREF="c12776.html#HDRWQ266"
->To display volume sets and volume entries</A
->.</P
-></LI
-><LI
-><P
->To display dump levels, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listdumps</B
-></SPAN
-> command as described in
- <A
-HREF="c12776.html#HDRWQ271"
->To display the dump hierarchy</A
->.</P
-></LI
-><LI
-><P
->To display port offsets, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listhosts</B
-></SPAN
-> command as described in
- <A
-HREF="c12776.html#HDRWQ264"
->To display the list of configured Tape Coordinators</A
->.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Ensure that a valid token corresponding to a privileged administrative identity is available to the Backup System
- processes both when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command is issued and when the dump operation
- actually runs (for a complete description or the necessary privileges, see <A
-HREF="c12776.html#HDRWQ260"
->Granting
- Administrative Privilege to Backup Operators</A
->). This is a special concern for scheduled dumps. One alternative is
- to run <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands (or the script that invokes them) and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command on server machines, and to include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
->
- argument on the command. In this case, the processes use the key with the highest key version number in the local
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file to construct a token that never expires. Otherwise, you must
- use a method to renew tokens before they expire, or grant tokens with long lifetimes. In either case, you must protect
- against improper access to the tokens by securing the machines both physically and against unauthorized network access.
- The protection possibly needs to be even stronger than when a human operator is present during the operations.</P
-></LI
-><LI
-><P
->Record tape capacity and filemark size values that are as accurate as possible in the Tape Coordinator's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file and on the tape's label. For suggested values and a description
- of what can happen when they are inaccurate, see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->.</P
-></LI
-><LI
-><P
->If an unattended dump requires multiple tapes, arrange to provide them by properly configuring a tape stacker or
- jukebox and writing a tape-mounting script to be invoked in the device's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file. For instructions, see <A
-HREF="c12776.html#HDRWQ277"
->Invoking a Device's Tape
- Mounting and Unmounting Routines</A
->.</P
-></LI
-><LI
-><P
->You can configure any tape device or backup data file's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file to
- take advantage of the Backup System's automation features. See <A
-HREF="c12776.html#HDRWQ275"
->Automating and Increasing the
- Efficiency of the Backup Process</A
->.</P
-></LI
-><LI
-><P
->When you issue a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command in regular (noninteractive) mode, the command
- shell prompt does not return until the operation completes. To avoid having to open additional connections, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command in interactive mode, especially when including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument to schedule dump operations.</P
-></LI
-><LI
-><P
->An incremental dump proceeds most smoothly if there is a dump created at the dump level immediately above the
- level you are using. If the Backup System does not find a Backup Database record for a dump created at the immediate
- parent level, it looks for a dump created at one level higher in the hierarchy, continuing up to the full dump level if
- necessary. It creates an incremental dump at the level one below the lowest valid parent dump that it finds, or even
- creates a full dump if that is necessary. This algorithm guarantees that the dump captures all data that has changed
- since the last dump, but has a couple of disadvantages. First, the Backup System's search through the database for a
- valid parent dump takes extra time. Second, the subsequent pattern of dumps can be confusing to a human operator who
- needs to restore data from them, because they were not performed at the expected dump levels.</P
-><P
->The easiest way to guarantee that a dump exists at the immediate parent level is always to perform dump operations
- on the predetermined schedule. To check that the parent dump exists, you can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dumpinfo</B
-></SPAN
-> command (as described in <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->) and search for it
- in the output. Alternatively, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo</B
-></SPAN
-> command (as described in <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->) for a volume that you believe is in the parent
- dump.</P
-></LI
-><LI
-><P
->Always use dump levels from the same hierarchy (levels that are descendants of the same full level) when dumping a
- given volume set. The result of alternating between levels from different hierarchies can be confusing when you need to
- restore data or read dump records. It also increases the chance that changed data is not captured in any dump, or is
- backed up redundantly into more than one dump.</P
-></LI
-><LI
-><P
->Use permanent tape names rather than AFS tape names. You can make permanent names more descriptive than is allowed
- by an AFS tape name's strict format, and also bypass the name-checking step that the Backup System performs by default
- when a tape has an AFS tape name only. You can also configure the Tape Coordinator always to skip the check, however;
- for instructions and a description of the acceptable format for AFS tape names, see <A
-HREF="c12776.html#HDRWQ280"
->Eliminating
- the AFS Tape Name Check</A
->.</P
-></LI
-><LI
-><P
->If you write dumps to tape, restore operations are simplest if all of your tape devices are compatible (can read
- the same type of tape, at the same compression ratios, and so on). If you must use incompatible devices, then at least
- use compatible devices for all dumps performed at dump levels that are at the same depth in their respective hierarchies
- (compatible devices for all dumps performed at a full dump level, compatible devices for all dumps performed at a level
- 1 incremental dump level, and so on). The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> commands accepts
- multiple port offset numbers, but uses the first listed port offset when restoring all full dumps, the second port
- offset when restoring all level 1 dumps, and so on. If you did not use compatible tape devices when creating dumps at
- the same depth in a hierarchy, you must restore one volume at a time with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volrestore</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->In some cases, it makes sense to use a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->temporary</I
-></SPAN
-> volume set, which exists only within the
- context of the interactive session in which it is created and for which no record is created in the Backup Database. One
- suitable situation is when dumping a volume to tape in preparation for removing it permanently (perhaps because its
- owner is leaving the cell). In this case, you can define a volume entry that includes only the volume of interest
- without cluttering up the Backup Database with a volume set record that you are using only once.</P
-></LI
-><LI
-><P
->Do not perform a dump operation when you know that there are network, machine, or server process problems that can
- prevent the Backup System from accessing volumes or the Volume Location Database (VLDB). Although the Backup System
- automatically makes a number of repeated attempts to get to an inaccessible volume, the dump operation takes extra time
- and in some cases stops completely to prompt you for instructions on how to continue. Furthermore, if the Backup
- System's last access attempt fails and the volume is omitted from the dump, you must take extra steps to have it backed
- up (namely, the steps described just following for a halted dump operation). For a more complete description of how the
- Backup System makes repeated access attempts, see <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the
- Dump Process</A
->.</P
-></LI
-><LI
-><P
->Review the logs created by the Backup System as soon as possible after a dump operation completes, particularly if
- it ran unattended. They name any volumes that were not successfully backed up, among other problems. The Backup Server
- writes to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/BackupLog</B
-></SPAN
-> file on the local disk of the database server
- machine, and you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command to read it remotely if you wish; for
- instructions, see <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->. The Tape Coordinator writes to
- two files in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-> directory on the machine where it is running:
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name file records errors, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name file records both trace and error messages.</P
-></LI
-><LI
-><P
->Avoid halting a dump operation (for instance, by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
->
- command in interactive mode), both because it introduces the potential for confusion and because recovering from the
- interruption requires extra effort. When a dump operation is interrupted, the volumes that were backed up before the
- halt signal is received are complete on the tape or in the backup data file, and are usable in restore operations. The
- records in the Backup Database about the volumes' dump history accurately show when and at which dump level they were
- backed up; to display the records, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo</B
-></SPAN
-> command as described in <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->.</P
-><P
->However, there is no indication in the dump's Backup Database record that volumes were omitted; to display the
- record, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command as described in <A
-HREF="c15383.html#HDRWQ303"
->To
- display dump records</A
->. You must choose one of the following methods for dealing with the volumes that were not
- backed up before the dump operation halted. (Actually, you must make the same decision if the dump operation halts for
- reasons outside your control.) <UL
-><LI
-><P
->You can take no action, waiting until the next regularly scheduled dump operation to back them up. At that
- time, the Backup System automatically dumps them at the appropriate level to guarantee that the dump captures all
- of the data that changed since the volume was last dumped. However, you are gambling that restoring the volume is
- not necessary before the next dump operation. If restoration is necessary, you can restore the volume only to its
- state at the time it was last included in a dump--you have lost all changes made to the volume since that
- time.</P
-></LI
-><LI
-><P
->You can discard the entire dump and run the dump operation again. To discard the dump, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to relabel the tapes or backup data file, which automatically
- removes all associated records from the Backup Database. For instructions, see <A
-HREF="c12776.html#HDRWQ272"
->Writing
- and Reading Tape Labels</A
->. If a long time has passed since the backup version of the volumes was created,
- some of the source volumes have possibly changed. If that seems likely, reissue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command on them before redoing the dump
- operation.</P
-></LI
-><LI
-><P
->You can create a new volume set that includes the missed volumes and dump it at a full dump level (even if
- you specify an incremental dump level, the Backup System uses the full dump level at the top of your specified
- level's hierarchy, because it has never before backed up these volumes as part of the new volume set). The next
- time you dump the original volume set, the Backup System automatically dumps the missed volumes at the level one
- below the level it used the last time it dumped the volumes as part of the original volume set.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
-></H2
-><P
->This section provides an overview of the backup process, describing what happens at each stage both by default and as a
- result of your configuration choices, including the configuration instructions you include in the device-specific <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file. For the sake of clarity, it tracks the progress of a single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command that creates an initial dump. For a discussion of the slight differences in the
- procedure when you append or schedule dumps, see <A
-HREF="c15383.html#HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
-> or
- <A
-HREF="c15383.html#HDRWQ300"
->Scheduling Dumps</A
->.</P
-><P
->As a concrete example, the following description traces a dump of the volume set <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
->
- at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/weekly/mon/tues/wed</B
-></SPAN
-> dump level. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
-> volume set
- has one volume entry that matches the backup version of all user volumes:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.* .* user.*\.backup</B
-></SPAN
->
- </PRE
-><P
->The dump level belongs to the following dump hierarchy.</P
-><PRE
-CLASS="programlisting"
-> /weekly
- /mon
- /tues
- /wed
- /thurs
- /fri
-</PRE
-><OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LIBKOV-BUTC"
-></A
->You issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command to start a Tape Coordinator
- to handle the dump operation. The Tape Coordinator does not have to be running when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command, but must be active in time to accept the list of volumes to be included in the
- dump, when Step <A
-HREF="c15383.html#LIBKOV-VOLMATCHES"
->3</A
-> is completed. To avoid coordination problems, it is best to
- start the Tape Coordinator before issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command.</P
-><P
->As the Tape Coordinator initializes, it reads the entry in its local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/tapeconfig</B
-></SPAN
-> file for the port offset you specify on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command line. The entry specifies the name of the device to use, and the Tape Coordinator
- verifies that it can access it. It also reads the device's configuration file, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/CFG_</B
-></SPAN
->device_name, if it exists. See Step <A
-HREF="c15383.html#LIBKOV-READCFG"
->6</A
-> for
- a description of how the instructions in the file influence the dump operation.</P
-></LI
-><LI
-><P
->You issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command, specifying a volume set, dump level, and the
- same port offset number you specified on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command in Step <A
-HREF="c15383.html#LIBKOV-BUTC"
->1</A
->. The Backup System verifies that they have correct Backup Database records and halts the
- operation with an error message if they do not.</P
-><P
->If you issue the command in interactive mode, the Backup System assigns the operation a job ID number, which you can
- use to check the operation's status or halt it by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) jobs</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command, respectively. For instructions, see <A
-HREF="c15383.html#HDRWQ289"
->To display
- pending or running jobs in interactive mode</A
-> and <A
-HREF="c15383.html#HDRWQ290"
->To cancel operations in interactive
- mode</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIBKOV-VOLMATCHES"
-></A
->The Backup System works with the VL Server to generate a list of the volumes in the
- VLDB that match the name and location criteria defined in the volume set's volume entries. If a volume matches more than
- one volume entry, the Backup System ignores the duplicates so that the dump includes only one copy of data from the
- volume.</P
-><P
->To reduce the number of times you need to switch tapes during a restore operation, the Backup System sorts the
- volumes by server machine and partition, and during the dump operation writes the data from all volumes stored on a
- specific partition before moving to the next partition.</P
-><P
->As previously mentioned, it is best to back up backup volumes rather than read/write volumes, to avoid blocking
- users' access to data during the dump. To achieve this, you must explicitly include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> suffix on the volume names in volume entry definitions. For instructions, and to learn how
- to define volume entries that match multiple volumes, see <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and
- Volume Entries</A
->.</P
-><P
->In the example, suppose that 50 volumes match the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
-> volume set criteria,
- including three called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.pat.backup</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.terry.backup</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith.backup</B
-></SPAN
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIBKOV-CLONEDATE"
-></A
->The Backup System next scans the dump hierarchy for the dump level you have
- specified on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command line. If it is a full level, then in the current
- operation the Backup System backs up all of the data in all of the volumes in the list obtained in Step <A
-HREF="c15383.html#LIBKOV-VOLMATCHES"
->3</A
->.</P
-><P
->If the dump level is incremental, the Backup System reads each volume's dump history in the Backup Database to learn
- which of the parent levels in its pathname was used when the volume was most recently backed up as part of this volume
- set. In the usual case, it is the current dump level's immediate parent level.</P
-><P
->An incremental dump of a volume includes only the data that changed since the volume was included in the parent
- dump. To determine which data are eligible, the Backup System uses the concept of a volume's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->clone
- date</I
-></SPAN
->. A read/write volume's clone date is when the Backup System locks the volume before copying its contents
- into a dump. A backup volume's clone date is the completion time of the operation that created it by cloning its
- read/write source volume (the operation initiated by a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command). A read-only volume's clone date is the time of the release operation
- (initiated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command) that completed most recently before the dump
- operation.</P
-><P
->More precisely then, an incremental dump includes only data that have a modification timestamp between the clone
- date of the volume included in the parent dump (the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->parent clone date</I
-></SPAN
->) and the clone date of the
- volume to be included in the current dump (the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->current clone date</I
-></SPAN
->).</P
-><P
->There are some common exceptions to the general rule that a volume's parent dump is the dump created at the
- immediate parent level: <UL
-><LI
-><P
->The volume did not exist at all at the time of the last dump. In this case, the Backup System automatically
- does a full dump of it.</P
-></LI
-><LI
-><P
->The volume did not match the volume set's name and location criteria at the time of the last dump. In this
- case, the Backup System automatically does a full dump of it, even if it was backed up recently (fully or
- incrementally) as part of another volume set. This redundancy is an argument for defining volume entries in terms of
- names rather than locations, particularly if you move volumes frequently.</P
-></LI
-><LI
-><P
->The volume was not included in the dump at the immediate parent level for some reason (perhaps a process,
- machine, or network access prevented the Backup System from accessing it). In this case, the Backup System sets the
- clone date to the time of the last dump operation that included the volume. If the volume was not included in a dump
- performed at any of the levels in the current level's pathname, the Backup System does a full dump of it.</P
-></LI
-></UL
-></P
-><P
->In the example, the current dump level is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/weekly/mon/tues/wed</B
-></SPAN
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.pat.backup</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.terry.backup</B
-></SPAN
-> volumes were included in the
- dump performed yesterday, Tuesday, at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/weekly/mon/tues</B
-></SPAN
-> level. The Backup System uses
- as their parent clone date 3:00 a.m. on Tuesday, which is when backup versions of them were created just before Tuesday's
- dump operation. However, Tuesday's dump did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith.backup</B
-></SPAN
-> volume for
- some reason. The last time it was included in a dump was Monday, at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/weekly/mon</B
-></SPAN
->
- level. The Backup System uses a parent clone date of Monday at 2:47 a.m., which is when a backup version of the volume was
- created just before the dump operation on Monday.</P
-></LI
-><LI
-><P
->If performing an incremental dump, the Backup System works with the Volume Server to prepare a list of all of the
- files in each volume that have changed (have modification timestamps) between the parent clone date and the current clone
- date. The dump includes the complete contents of every such file. If a file has not changed, the dump includes only a
- placeholder stub for it. The dump also includes a copy of the complete directory structure in the volume, whether or not
- it has changed since the previous dump.</P
-><P
->If none of the data in the volume has changed since the last dump, the Backup System omits the volume completely. It
- generates the following message in the Tape Coordinator window and log files:</P
-><PRE
-CLASS="programlisting"
-> Volume volume_name (volume_ID) not dumped - has not been modified
- since last dump.
-</PRE
-></LI
-><LI
-><P
-><A
-NAME="LIBKOV-READCFG"
-></A
->The Tape Coordinator prepares to back up the data. If there is a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file, the Tape Coordinator already read it in Step <A
-HREF="c15383.html#LIBKOV-BUTC"
->1</A
->. The following list describes how the instructions in the file guide the Tape Coordinator's
- behavior at this point: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE</B
-></SPAN
-></DT
-><DD
-><P
->If this instruction is set to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->, the Tape Coordinator writes data to a
- backup data file. The device_name field in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file must also specify
- a filename for the dump to work properly. For further discussion and instructions on configuring a backup data
- file, see <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a Backup Data File</A
->.</P
-><P
->If it is set to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
-> or does not appear in the file, the Tape Coordinator
- writes to a tape device.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT and UNMOUNT</B
-></SPAN
-></DT
-><DD
-><P
->If there is a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in the file, each time the Tape Coordinator
- needs a new tape, it invokes the indicated script or program to mount a tape in the device's tape drive. There
- must be a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction if you want to utilize a tape stacker or jukebox's
- ability to switch between tapes automatically. If there is no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction,
- the Tape Coordinator prompts the human operator whenever it needs a tape.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY</B
-></SPAN
-> instruction, which is described just following, modifies the
- Tape Coordinator's tape acquisition procedure for the first tape it needs in a dump operation.</P
-><P
->If there is an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction, then the Tape Coordinator invokes the
- indicated script or program whenever it closes the tape device. Not all tape devices have a separate tape
- unmounting routine, in which case the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
-> instruction is not necessary. For
- more details on both instructions, see <A
-HREF="c12776.html#HDRWQ277"
->Invoking a Device's Tape Mounting and Unmounting
- Routines</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY</B
-></SPAN
-></DT
-><DD
-><P
->If this instruction is set to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, the Tape Coordinator assumes that the
- first tape needed for the dump operation is already in the tape drive. It does not use its usual tape acquisition
- procedure as described in the preceding discussion of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction. You
- can achieve the same effect by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command.</P
-><P
->If this instruction is absent or set to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->YES</B
-></SPAN
->, the Tape Coordinator uses its
- usual tape acquisition procedure even for the first tape. For more details, see <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
-></DT
-><DD
-><P
->If this instruction appears in the file, the Tape Coordinator sets its buffer size to the specified value
- rather than using the default buffer size of 16 KB. For further discussion, see <A
-HREF="c12776.html#HDRWQ281"
->Setting
- the Memory Buffer Size to Promote Tape Streaming</A
->.</P
-></DD
-></DL
-></DIV
-></P
-><P
->If there is no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file, the Tape Coordinator writes data to a tape
- device and prompts the human operator each time it needs a tape (the only exception being the first tape if you include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command).</P
-></LI
-><LI
-><P
-><A
-NAME="LIBKOV-NAMECHECK"
-></A
->The Tape Coordinator opens either a tape drive or backup data file at this point, as
- directed by the instructions in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file (described in Step <A
-HREF="c15383.html#LIBKOV-READCFG"
->6</A
->). The instructions also determine whether it invokes a mount script or prompts the
- operator. In Step <A
-HREF="c15383.html#LIBKOV-BUTC"
->1</A
-> the Tape Coordinator read in the device's capacity and filemark
- size from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> file. It now reads the same values from the tape or backup data
- file's magnetic label, and overwrites the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tapeconfig</B
-></SPAN
-> values if there is a
- difference.</P
-><P
->If creating an initial dump (as in the current example) and there is no permanent name on the label, the Tape
- Coordinator next checks that the AFS tape name has one of the three acceptable formats. If not, it rejects the tape and
- you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to write an acceptable name. You can bypass
- this name-checking step by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK NO</B
-></SPAN
-> instruction in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file. For discussion and a list of the acceptable AFS tape name values, see <A
-HREF="c12776.html#HDRWQ280"
->Eliminating the AFS Tape Name Check</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIBKOV-EXPDATE"
-></A
->For an initial dump, the Tape Coordinator starts writing at the beginning of the tape
- or backup dump file, overwriting any existing data. To prevent inappropriate overwriting, the Backup System first checks
- the Backup Database for any dump records associated with the name (permanent or AFS tape name) on the tape or backup dump
- file's label. It refuses to write to a backup data file that has unexpired dumps in it, or to a tape that belongs to a
- dump set with any unexpired dumps. To recycle a file or tape before all dumps have expired, you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to relabel it. Doing so removes the Backup Database records of all dumps
- in the file or on all tapes in the dump set, which makes it impossible to restore data from any of the tapes. For more
- information on expiration dates, see <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->.</P
-><P
->The Tape Coordinator also checks for two other types of inappropriate tape reuse. The tape cannot already have data
- on it that belongs to the dump currently being performed, because that implies that the previous tape is still in the
- drive, or you have mistakenly reinserted it. The Tape Coordinator generates the following message and attempts to obtain
- another tape:</P
-><PRE
-CLASS="programlisting"
-> Can't overwrite tape containing the dump in progress
-</PRE
-><P
->The tape cannot contain data from a parent dump of the current (incremental) dump, because overwriting a parent dump
- makes it impossible to restore data from the current dump. The Tape Coordinator generates the following message and
- attempts to obtain another tape:</P
-><PRE
-CLASS="programlisting"
-> Can't overwrite the parent dump parent_name (parent_dump_ID)
-</PRE
-></LI
-><LI
-><P
-><A
-NAME="LIBKOV-WRITE"
-></A
->The Tape Coordinator now writes data to the tape or backup data file. It uses the
- capacity and filemark size it obtained in Step <A
-HREF="c15383.html#LIBKOV-NAMECHECK"
->7</A
-> as it tracks how much more space
- is available, automatically using its tape acquisition procedure if the dump is not finished when it reaches the end of
- the tape. For a more detailed description, and a discussion of what happens if the Tape Coordinator reaches the physical
- end-of-tape unexpectedly, see <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->. Similarly, for instructions
- on configuring a backup data file to optimize recovery from unexpectedly running out of space, see Step <A
-HREF="c12776.html#LITAPECONFIG-FILE"
->6</A
-> in the instructions in <A
-HREF="c12776.html#HDRWQ282"
->Dumping Data to a Backup Data
- File</A
->.</P
-><P
->If the Tape Coordinator cannot access a volume during the dump (perhaps because of a server process, machine, or
- network outage), it skips the volume and continues dumping all volumes that it can access. It generates an error message
- in the Tape Coordinator window and log file about the omitted volume. It generates a similar message if it discovers that
- a backup volume has not been recloned since the previous dump operation (that is, that the volume's current clone date is
- the same as its parent clone date):</P
-><PRE
-CLASS="programlisting"
-> Volume volume_name (volume_ID) not dumped - has not been re-cloned
- since last dump.
-</PRE
-><P
->After completing a first pass through all of the volumes, it attempts to dump each omitted volume again. It first
- checks to see if the reason that the volume was inaccessible during the first pass is that it has been moved since the VL
- Server generated the list of volumes to dump in Step <A
-HREF="c15383.html#LIBKOV-VOLMATCHES"
->3</A
->. If so, it dumps the
- volume from its new site. If the second attempt to access a volume also fails, the Tape Coordinator it generates the
- following message, prompting you for instruction on how to proceed:</P
-><PRE
-CLASS="programlisting"
-> Dump of volume volume_name (volume_ID) failed
- Please select action to be taken for this volume.
- r - retry, try dumping this volume again
- o - omit, this volume from this dump
- a - abort, the entire dump
-</PRE
-><P
->To increase the automation of the dump process, you can include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK NO</B
-></SPAN
->
- instruction in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file to suppress this prompt and have the Tape
- Coordinator automatically omit the volume from the dump.</P
-><P
->If you are tracking the dump as it happens, the prompt enables you to take corrective action. If the volume has not
- been recloned, you can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command. If the volume is inaccessible, you
- can investigate and attempt to resolve the cause.</P
-></LI
-><LI
-><P
->If the tape or backup data file does not already have an AFS tape name, the Backup System constructs the appropriate
- one and records it on the label and in the Backup Database. It also assigns a dump name and ID number to the dump and
- records them in dump record that it creates in the Backup Database. For details on tape and dump names, see <A
-HREF="c12776.html#HDRWQ253"
->Dump Names and Tape Names</A
->. For instructions on displaying dump records or a volume's dump
- history, or scanning the contents of a tape, see <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
-></H2
-><P
->The AFS Backup System enables you to append dumps to the end of the final tape in a dump set by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command. Appending dumps improves
- Backup System automation and efficiency in several ways: <UL
-><LI
-><P
->It maximizes use of a tape's capacity. An initial dump must always start on a new tape, but does not necessarily
- extend to the end of the final tape in the dump set. You can fill up the unused tape by appending one or more
- dumps.</P
-></LI
-><LI
-><P
->It can reduce the number of tapes and tape changes needed to complete a dump operation. Rather than performing a
- series of initial dumps first, instead begin with an initial dump and follow it immediately with several appended dumps.
- In this way you can write all dumps in the series to the same tape (assuming the tape is large enough to accommodate
- them all). If, in contrast, you perform all of the initial dumps first, each must begin on a new tape and you must
- switch tapes again if you then want to append dumps.</P
-><P
->You can either issue the appropriate series of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> commands at the
- interactive <SAMP
-CLASS="computeroutput"
->backup></SAMP
-> prompt, or record them in a file that you then name with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command. Appending
- dumps in this way enables you to run multiple unattended backup operations even without a tape stacker or jukebox, if
- all of the dumps fit on one tape.</P
-></LI
-><LI
-><P
->It can reduce the number of tape changes during a restore operation. For example, if you append all of the
- incremental dumps of a volume set to tapes in one dump set, then restoring a volume from the volume set requires a
- minimum number of tape changes. It is best not to append incremental dumps to a tape that contains the parent full dump,
- however: if the tape is lost or damaged, you lose all of the data from the volume.</P
-><P
->Although it can be efficient to group together appended dumps that are related, the Backup System does not require
- any relationship between the appended dumps on a tape or in a dump set.</P
-></LI
-></UL
-></P
-><P
->When writing an appended dump, the Backup System performs most of the steps described in <A
-HREF="c15383.html#HDRWQ298"
->How
- Your Configuration Choices Influence the Dump Process</A
->. Appended dumps do not have to be related to one another or the
- initial dump, so it skips Step <A
-HREF="c15383.html#LIBKOV-NAMECHECK"
->7</A
->: there is no need to check that the AFS tape name
- reflects the volume set and dump level names in this case. It also skips Step <A
-HREF="c15383.html#LIBKOV-EXPDATE"
->8</A
->. Because
- it is not overwriting any existing data on the tape, it does not need to check the expiration dates of existing dumps on the
- tape or in the file. Then in Step <A
-HREF="c15383.html#LIBKOV-WRITE"
->9</A
-> the Tape Coordinator scans to the end of the last dump
- on the tape or in the backup data file before it begins writing data.</P
-><P
->The Backup System imposes the following conditions on appended dumps: <UL
-><LI
-><P
->If writing to tape, the Tape Coordinator checks that it is the final one in a dump set for which there are
- complete and valid tape and dump records in the Backup Database. If not, it rejects the tape and requests an acceptable
- one. If you believe the tape has valid data on it, you can reconstruct the Backup Database dump records for it by using
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command as
- instructed in <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->.</P
-></LI
-><LI
-><P
->The most recent dump on the tape or in the backup data file must have completed successfully.</P
-></LI
-><LI
-><P
->The dump set to which the tape or file belongs must begin with an initial dump that is recorded in the Backup
- Database. If there are no dumps on the current tape, then the Backup System treats the dump operation as an initial dump
- and imposes the relevant requirements (for example, checks the AFS tape name if appropriate).</P
-></LI
-></UL
-></P
-><P
->As you append dumps, keep in mind that all of a dump set's dump and tape records in the Backup Database are indexed to
- the initial dump. If you want to delete an appended dump's record, you must delete the initial dump record, and doing so
- erases the records of all dumps in the dump set. Without those records, you cannot restore any of the data in the dump
- set.</P
-><P
->Similarly, all of the dumps in a dump set must expire before you can recycle (write a new initial dump to) any of the
- tapes in a dump set. Do not append a dump if its expiration date is later than the date on which you want to recycle any of
- the tapes in its dump set. To recycle a tape before the last expiration date, you must delete the initial dump's record from
- the Backup Database. Either use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to relabel the tape as
- instructed in <A
-HREF="c12776.html#HDRWQ273"
->To label a tape</A
->, or use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
->
- command to delete the record directly as instructed in <A
-HREF="c15383.html#HDRWQ322"
->To delete dump records from the Backup
- Database</A
->.</P
-><P
->Although in theory you can append as many dumps as you wish, it generally makes sense to limit the number of tapes in a
- dump set (for example, to five), for these reasons: <UL
-><LI
-><P
->If an unreadable spot develops on one of the tapes in a dump set, it can prevent the Tape Coordinator from
- scanning the tape as part of a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> operation you use to reconstruct Backup
- Database records. The Tape Coordinator can almost always scan the tape successfully up to the point of damage and can
- usually skip past minor damage. A scanning operation can start on any tape in a dump set, so damage on one tape does not
- prevent scanning of the others in the dump set. However, you can scan only the tapes that precede the damaged one in the
- dump set or the ones that follow the damaged one, but not both. (For more information on using tapes to reconstruct the
- information in the Backup Database, see <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->.)</P
-><P
->An unreadable bad spot can also prevent you from restoring a volume completely, because restore operations must
- begin with the full dump and continue with each incremental dump in order. If you cannot restore a specific dump, you
- cannot restore any data from later incremental dumps.</P
-></LI
-><LI
-><P
->If you decide in the future to archive one or more dumps, then you must archive the entire set of tapes that
- constitute the dump set, rather than just the ones that contain the data of interest. This wastes both tape and archive
- storage space. For more information on archiving, see <A
-HREF="c12776.html#HDRWQ269"
->Archiving Tapes</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ300"
->Scheduling Dumps</A
-></H2
-><P
->By default, the Backup System starts executing a dump operation as soon as you enter the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dump</B
-></SPAN
-> command, and the Tape Coordinator begins writing data as soon as it is not busy and the list of files to write
- is available. You can, however, schedule a dump operation to begin at a specific later time: <UL
-><LI
-><P
->To schedule a single dump operation, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument to specify its
- start time.</P
-></LI
-><LI
-><P
->To schedule multiple dump operations, list the operations in a file named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument and use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument to specify when the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter reads the file. If you omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument, the command interpreter reads the file immediately, which does not count as
- scheduling, but does allow you to initiate multiple dump operations in a single command. Do not combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volumeset</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dump</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
->, or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> options.</P
-><P
->For file-formatting instructions, see the description of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument in
- Step <A
-HREF="c15383.html#LIBKDUMP-SYNTAX"
->7</A
-> of <A
-HREF="c15383.html#HDRWQ301"
->To create a dump</A
->.</P
-></LI
-></UL
-></P
-><P
->The Backup System performs initial and appended dumps in the same manner whether they are scheduled or begin running as
- soon as you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command. The only difference is that the requirements for
- successful execution hold both at the time you issue the command and when the Backup System actually begins running it. All
- required Backup Database entries for volume sets, dump levels, and port offsets, and all dump and tape records must exist at
- both times. Perhaps more importantly, the required administrative tokens must be available at both times. See <A
-HREF="c15383.html#HDRWQ297"
->Making Backup Operations More Efficient</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ301"
->To create a dump</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
->If using a tape device, insert the tape.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Decide which volume set and dump level to use. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- listvolsets</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup listdumps</B
-></SPAN
-> commands to display the existing volume sets
- and dump levels. For complete instructions and a description of the output, see <A
-HREF="c12776.html#HDRWQ266"
->To display volume
- sets and volume entries</A
-> and <A
-HREF="c12776.html#HDRWQ271"
->To display the dump hierarchy</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvolsets</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->>]
- backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listdumps</B
-></SPAN
->
-</PRE
-></P
-><P
->If you want to use a temporary volume set, you must create it during the current interactive session. This can be
- useful if you are dumping a volume to tape in preparation for removing it permanently (perhaps because its owner is
- leaving the cell). In this case, you can define a volume entry that includes only the volume of interest without
- cluttering up the Backup Database with a volume set record that you are using only once. Complete instructions appear in
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->.</P
-><PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
->
- backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolentry -name</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->partition name</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volumes</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume name (regular expression)</I
-></SPAN
->>
-</PRE
-></LI
-><LI
-><P
->If you are creating an initial dump and writing to a tape or backup data file that does not have a permanent name,
- its AFS tape name must satisfy the Backup System's format requirements as described in <A
-HREF="c12776.html#HDRWQ280"
->Eliminating the AFS Tape Name Check</A
->. If necessary, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- readlabel</B
-></SPAN
-> command to display the label and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command to
- change the names, as instructed in <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->. You must also relabel
- a tape if you want to overwrite it and it is part of a dump set that includes any unexpired dumps, though this is not
- recommended. For a discussion of the appropriate way to recycle tapes, see <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape
- Recycling Schedule</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIBKDUMP-SYNTAX"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command to dump the volume
- set. <UL
-><LI
-><P
->To create one initial dump, provide only the volume set name, dump level name, and port offset (if not
- zero).</P
-></LI
-><LI
-><P
->To create one appended dump, add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-> flag.</P
-></LI
-><LI
-><P
->To schedule a single initial or appended dump, add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument.</P
-></LI
-><LI
-><P
->To initiate multiple dump operations, record the appropriate commands in a file and name it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument. Do not combine this argument with options other than the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument.</P
-></LI
-></UL
-></P
-><PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump level name</I
-></SPAN
->> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Date/time to start dump</I
-></SPAN
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->load file</I
-></SPAN
->>]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume set name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume set to dump.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump level name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of the dump level at which to dump the volume set.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number of the Tape Coordinator process that is handling the operation. You must
- provide this argument unless the default value of 0 (zero) is appropriate.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the date and time in the future at which to run the command, or to read the file named by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument. Provide a value in the format mm/dd/yyyy [hh:MM], where the month
- (mm), day (dd), and year (yyyy) are required. Valid values for the year range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1970</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2037</B
-></SPAN
->; higher values are not valid because the
- latest possible date in the standard UNIX representation is in February 2038. The Backup System automatically
- reduces any later date to the maximum value in 2038.</P
-><P
->The hour and minutes (hh:MM) are optional, but if provided must be in 24-hour format (for example, the value
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->14:36</B
-></SPAN
-> represents 2:36 p.m.). If you omit them, the time defaults to midnight
- (00:00 hours).</P
-><P
->As an example, the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->04/23/1999 20:20</B
-></SPAN
-> schedules the command for 8:20
- p.m. on 23 April 1999.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A plus sign follows this argument in the command's syntax statement because it accepts a multiword value
- which does not need to be enclosed in double quotes or other delimiters, not because it accepts multiple dates.
- Provide only one date (and optionally, time) definition.</P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-append</B
-></SPAN
-></DT
-><DD
-><P
->Creates an appended dump by scanning to the end of the data from one or more previous dump operations that
- it finds on the tape or in the backup data file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-></DT
-><DD
-><P
->Displays the names of all volumes to be included in the indicated dump, without actually writing data to
- tape or the backup data file. Combine this flag with the arguments you plan to use on the actual command, but not
- with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the local disk or AFS pathname of a file containing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- commands. The Backup System reads the file immediately, or at the time specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument if it is provided. A partial pathname is interpreted relative to the current
- working directory.</P
-><P
->Place each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command on its own line in the indicated file, using
- the same syntax as for the command line, but without the word <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> at the start
- of the line. Each command must include the volume set name and dump level name arguments plus the TC port offset
- argument if the default value of zero is not appropriate. Commands in the file can also include any of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command's optional arguments, including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-at</B
-></SPAN
-> argument (which must specify a date and time later than the date and time at which the
- Backup System reads the file).</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or if the device's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name configuration
- file includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
->, then the Tape Coordinator prompts you to
- place the tape in the device's drive. You have already done so, but you must now press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Return</B
-></SPAN
->> to indicate that the tape is ready for labeling.</P
-><P
->If more than one tape is required, you must either include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file and stock the corresponding stacker or jukebox with tapes, or
- remain at the console to respond to the Tape Coordinator's prompts for subsequent tapes.</P
-></LI
-><LI
-><P
->After the dump operation completes, review the Backup System's log files to check for errors. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command as instructed in <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log
- Files</A
-> to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/BackupLog</B
-></SPAN
-> file, and a text editor on the Tape
- Coordinator machine to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name files in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- directory.</P
-><P
->It is also a good idea to record the tape name and dump ID number on the exterior label of each tape.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ302"
->Displaying Backup Dump Records</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command suite includes three commands for displaying information about data
- you have backed up: <UL
-><LI
-><P
->To display information about one or more dump operations, such as the date it was performed and the number of
- volumes included, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command as described in <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->. You can display a detailed record of a single dump or more condensed
- records for a certain number of dumps, starting with the most recent and going back in time. You can specify the number of
- dumps or accept the default of 10.</P
-></LI
-><LI
-><P
->To display a volume's dump history, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo</B
-></SPAN
-> command as described in
- <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->.</P
-></LI
-><LI
-><P
->To display information extracted from a tape or backup data file about the volumes it includes, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command. To create new dump and tape records in the Backup Database derived from
- the tape and dump labels, add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
-> flag. For instructions, see <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ303"
->To display dump records</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command to list information about dumps recorded in the
- Backup Database. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-ndumps</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->no. of dumps</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump id</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dump</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dumpinfo</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-ndumps</B
-></SPAN
-></DT
-><DD
-><P
->Displays the Backup Database record for each of the specified number of dumps, starting with the most recent
- and going back in time. If the database contains fewer dumps than are requested, the output includes the records
- for all existing dumps. Do not combine this argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> flag; omit all three options to display the records for the last 10
- dumps.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the dump ID number of a single dump for which to display the Backup Database record. You must
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> switch. Do not combine this option with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-ndumps</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> arguments; omit all three arguments to
- display the records for the last 10 dumps.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-></DT
-><DD
-><P
->Provides more detailed information about the dump specified with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
->
- argument, which must be provided along with it. Do not combine this flag with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-ndumps</B
-></SPAN
-> option.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-ndumps</B
-></SPAN
-> argument is provided, the output presents the following information in
- table form, with a separate line for each dump: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->dumpid</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The dump ID number.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->parentid</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The dump ID number of the dump's parent dump. A value of <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero) identifies a
- full dump.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->lv</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The depth in the dump hierarchy of the dump level used to create the dump. A value of
- <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero) identifies a full dump, in which case the value in the
- <SAMP
-CLASS="computeroutput"
->parentid</SAMP
-> field is also <SAMP
-CLASS="computeroutput"
->0</SAMP
->. A value of
- <SAMP
-CLASS="computeroutput"
->1</SAMP
-> or greater indicates an incremental dump made at the corresponding level in the
- dump hierarchy.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->created</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The date and time at which the Backup System started the dump operation that created the dump.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->nt</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The number of tapes that contain the data in the dump. A value of <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero)
- indicates that the dump operation was terminated or failed. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
->
- command to remove such entries.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->nvols</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The number of volumes from which the dump includes data. If a volume spans tapes, it is counted twice. A value
- of <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero) indicates that the dump operation was terminated or failed; the value in
- the <SAMP
-CLASS="computeroutput"
->nt</SAMP
-> field is also <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero) in this case.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->dump name</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The dump name in the form <PRE
-CLASS="programlisting"
-> volume_set_name.dump_level_name (initial_dump_ID)
-</PRE
-></P
-><P
->where volume_set_name is the name of the volume set, and dump_level_name is the last element in the dump level
- pathname at which the volume set was dumped.</P
-><P
->The initial_dump_ID, if displayed, is the dump ID of the initial dump in the dump set to which this dump
- belongs. If there is no value in parentheses, the dump is the initial dump in a dump set that has no appended
- dumps.</P
-></DD
-></DL
-></DIV
-></P
-><P
->If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument is provided alone, the first line of output begins with the string
- <SAMP
-CLASS="computeroutput"
->Dump</SAMP
-> and reports information for the entire dump in the following fields: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->id</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The dump ID number.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->level</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The depth in the dump hierarchy of the dump level used to create the dump. A value of
- <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero) identifies a full dump. A value of <SAMP
-CLASS="computeroutput"
->1</SAMP
-> (one)
- or greater indicates an incremental dump made at the specified level in the dump hierarchy.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->volumes</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The number of volumes for which the dump includes data.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->created</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The date and time at which the dump operation began.</P
-></DD
-></DL
-></DIV
-></P
-><P
->If an XBSA server was the backup medium for the dump (rather than a tape device or backup data file), the following line
- appears next:</P
-><PRE
-CLASS="programlisting"
-> Backup Service: XBSA_program: Server: hostname
-</PRE
-><P
->where XBSA_program is the name of the XBSA-compliant program and hostname is the name of the machine on which the
- program runs.</P
-><P
->Next the output includes an entry for each tape that houses volume data from the dump. Following the string
- <SAMP
-CLASS="computeroutput"
->Tape</SAMP
->, the first two lines of each entry report information about that tape in the following
- fields: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->name</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The tape's permanent name if it has one, or its AFS tape name otherwise, and its tape ID number in
- parentheses.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->nVolumes</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The number of volumes for which this tape includes dump data.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->created</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The date and time at which the Tape Coordinator began writing data to this tape.</P
-></DD
-></DL
-></DIV
-></P
-><P
->Following another blank line, the tape-specific information concludes with a table that includes a line for each volume
- dump on the tape. The information appears in columns with the following headings: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Pos</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The relative position of each volume in this tape or file. On a tape, the counter begins at position 2 (the tape
- label occupies position 1), and increments by one for each volume. For volumes in a backup data file, the position
- numbers start with 1 and do not usually increment only by one, because each is the ordinal of the 16 KB offset in the
- file at which the volume's data begins. The difference between the position numbers therefore indicates how many 16 KB
- blocks each volume's data occupies. For example, if the second volume is at position 5 and the third volume in the
- list is at position 9, that means that the dump of the second volume occupies 64 KB (four 16-KB blocks) of space in
- the file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Clone time</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->For a backup or read-only volume, the time at which it was cloned from its read/write source. For a Read/Write
- volume, it is the same as the dump creation date reported on the first line of the output.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Nbytes</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The number of bytes of data in the dump of the volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Volume</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The volume name, complete with <SAMP
-CLASS="computeroutput"
->.backup</SAMP
-> or
- <SAMP
-CLASS="computeroutput"
->.readonly</SAMP
-> extension if appropriate.</P
-></DD
-></DL
-></DIV
-></P
-><P
->If both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> options are provided, the
- output is divided into several sections: <UL
-><LI
-><P
->The first section, headed by the underlined string <SAMP
-CLASS="computeroutput"
->Dump</SAMP
->, includes information
- about the entire dump. The fields labeled <SAMP
-CLASS="computeroutput"
->id</SAMP
->, <SAMP
-CLASS="computeroutput"
->level</SAMP
->,
- <SAMP
-CLASS="computeroutput"
->created</SAMP
->, and <SAMP
-CLASS="computeroutput"
->nVolumes</SAMP
-> report the same values (though
- in a different order) as appear on the first line of output when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument is
- provided by itself. Other fields of potential interest to the backup operator are: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Group id</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The dump's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group ID number</I
-></SPAN
->, which is recorded in the dump's Backup Database record if
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->GROUPID</B
-></SPAN
-> instruction appears in the Tape Coordinator's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup/CFG_</B
-></SPAN
->tcid file when the dump is created.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->maxTapes</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The number of tapes that contain the dump set to which this dump belongs.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Start Tape Seq</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The ordinal of the tape on which this dump begins in the set of tapes that contain the dump set.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->For each tape that contains data from this dump, there follows a section headed by the underlined string
- <SAMP
-CLASS="computeroutput"
->Tape</SAMP
->. The fields labeled <SAMP
-CLASS="computeroutput"
->name</SAMP
->,
- <SAMP
-CLASS="computeroutput"
->written</SAMP
->, and <SAMP
-CLASS="computeroutput"
->nVolumes</SAMP
-> report the same values (though
- in a different order) as appear on the second and third lines of output when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
->
- argument is provided by itself. Other fields of potential interest to the backup operator are: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->expires</SAMP
-></DT
-><DD
-><P
->The date and time when this tape can be recycled, because all dumps it contains have expired.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->nMBytes Data</SAMP
-> and <SAMP
-CLASS="computeroutput"
->nBytes Data</SAMP
-></DT
-><DD
-><P
->Summed together, these fields represent the total amount of dumped data actually from volumes (as opposed
- to labels, filemarks, and other markers).</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->KBytes Tape Used</SAMP
-></DT
-><DD
-><P
->The number of kilobytes of tape (or disk space, for a backup data file) used to store the dump data. It is
- generally larger than the sum of the values in the <SAMP
-CLASS="computeroutput"
->nMBytes Data</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->nBytes Data</SAMP
-> fields, because it includes the space required for the label, file
- marks and other markers, and because the Backup System writes data at 16 KB offsets, even if the data in a given
- block doesn't fill the entire 16 KB.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->For each volume on a given tape, there follows a section headed by the underlined string
- <SAMP
-CLASS="computeroutput"
->Volume</SAMP
->. The fields labeled <SAMP
-CLASS="computeroutput"
->name</SAMP
->,
- <SAMP
-CLASS="computeroutput"
->position</SAMP
->, <SAMP
-CLASS="computeroutput"
->clone</SAMP
->, and
- <SAMP
-CLASS="computeroutput"
->nBytes</SAMP
-> report the same values (though in a different order) as appear in the table that
- lists the volumes in each tape when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument is provided by itself. Other
- fields of potential interest to the backup operator are: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->id</SAMP
-></DT
-><DD
-><P
->The volume ID.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->tape</SAMP
-></DT
-><DD
-><P
->The name of the tape containing this volume data.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></UL
-></P
-><P
->The following example command displays the Backup Database records for the five most recent dump operations.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump 5</B
-></SPAN
->
- dumpid parentid lv created nt nvols dump name
- 924424000 0 0 04/18/1999 04:26 1 22 usr.sun (924424000)
- 924685000 924424000 1 04/21/1999 04:56 1 62 usr.wed (924424000)
- 924773000 924424000 1 04/22/1999 05:23 1 46 usr.thu (924424000)
- 924860000 924424000 1 04/23/1999 05:33 1 58 usr.fri (924424000)
- 925033000 0 0 04/25/1999 05:36 2 73 sys.week
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ304"
->To display a volume's dump history</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo</B
-></SPAN
-> command to display a volume's dump history.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume name</I
-></SPAN
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->voli</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volinfo</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume for which to display the dump history. If you dumped the backup or read-only version of the
- volume, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
->
- extension.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output includes a line for each Backup Database dump record that mentions the specified volume, order from most to
- least recent. The output for each record appears in a table with six columns: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->dumpID</SAMP
-></DT
-><DD
-><P
->The dump ID of the dump that includes the volume.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->lvl</SAMP
-></DT
-><DD
-><P
->The depth in the dump hierarchy of the dump level at which the volume was dumped. A value of
- <SAMP
-CLASS="computeroutput"
->0</SAMP
-> indicates a full dump. A value of <SAMP
-CLASS="computeroutput"
->1</SAMP
-> or greater
- indicates an incremental dump made at the specified depth in the dump hierarchy.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->parentid</SAMP
-></DT
-><DD
-><P
->The dump ID of the dump's parent dump. A value of <SAMP
-CLASS="computeroutput"
->0</SAMP
-> indicates a full dump,
- which has no parent; in this case, the value in the <SAMP
-CLASS="computeroutput"
->lvl</SAMP
-> column is also
- <SAMP
-CLASS="computeroutput"
->0</SAMP
->.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->creation date</SAMP
-></DT
-><DD
-><P
->The date and time at which the Backup System started the dump operation that created the dump.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->clone date</SAMP
-></DT
-><DD
-><P
->For a backup or read-only volume, the time at which it was cloned from its read/write source. For a read/write
- volume, the same as the value in the <SAMP
-CLASS="computeroutput"
->creation date</SAMP
-> field.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->tape name</SAMP
-></DT
-><DD
-><P
->The name of the tape containing the dump: either the permanent tape name, or an AFS tape name in the format
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume_set_name</I
-></SPAN
->.<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump_level_name</I
-></SPAN
->.<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->tape_index</I
-></SPAN
-> where
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume_set_name</I
-></SPAN
-> is the name of the volume set associated with the initial dump in the dump set of
- which this tape is a part; <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump_level_name</I
-></SPAN
-> is the name of the dump level at which the initial
- dump was backed up; <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->tape_index</I
-></SPAN
-> is the ordinal of the tape in the dump set. Either type of name
- can be followed by a dump ID in parentheses; if it appears, it is the dump ID of the initial dump in the dump set to
- which this appended dump belongs.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following example shows part of the dump history of the backup volume <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith.backup</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volinfo user.smith.backup</B
-></SPAN
->
- DumpID lvl parentID creation date clone date tape name
- 924600000 1 924427600 04/20/1999 05:20 04/20/1999 05:01 user_incr_2 (924514392)
- 924514392 1 924427600 04/19/1999 05:33 04/19/1999 05:08 user_incr_2
- 924427600 0 0 04/18/1999 05:26 04/18/1999 04:58 user_full_6
- . . . . . . . .
- . . . . . . . .
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ305"
->To scan the contents of a tape</A
-></H2
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The ability to scan a tape that is corrupted or damaged depends on the extent of the damage and what type of data is
- corrupted. The Backup System can almost always scan the tape successfully up to the point of damage. If the damage is minor,
- the Backup System can usually skip over it and scan the rest of the tape, but more major damage can prevent further
- scanning. A scanning operation does not have to begin with the first tape in a dump set, but the Backup System can process
- tapes only in sequential order after the initial tape provided. Therefore, damage on one tape does not prevent scanning of
- the others in the dump set, but it is possible to scan either the tapes that precede the damaged one or the ones that follow
- it, not both.</P
-></BLOCKQUOTE
-></DIV
-><P
->If you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
-> flag to scan information into the Backup Database and the first
- tape you provide is not the first tape in the dump set, the following restrictions apply: <UL
-><LI
-><P
->If the first data on the tape is a continuation of a volume that begins on the previous (unscanned) tape in the
- dump set, the Backup System does not add a record for that volume to the Backup Database.</P
-></LI
-><LI
-><P
->The Backup System must read the marker that indicates the start of an appended dump to add database records for
- the volumes in it. If the first volume on the tape belongs to an appended dump, but is not immediately preceded by the
- appended-dump marker, the Backup System does not create a Backup Database record for it or any subsequent volumes that
- belong to that appended dump.</P
-></LI
-></UL
-> <OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
->If scanning a tape, place it in the drive.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command to read the contents of the tape.
- <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scantape</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sc</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scantape</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
-></DT
-><DD
-><P
->Constructs dump and tape records from the tape and dump labels in the dump and writes them into the Backup
- Database.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TC port offset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number of the Tape Coordinator process that is handling the operation. You must
- provide this argument unless the default value of 0 (zero) is appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or the device's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name configuration file
- includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
-> instruction, then the Tape Coordinator prompts
- you to place the tape in the device's drive. You have already done so, but you must now press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Return</B
-></SPAN
->> to indicate that the tape is ready for reading.</P
-></LI
-></OL
-></P
-><P
->To terminate a tape scanning operation, use a termination signal such as <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->>, or issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
-> command in interactive mode. It
- is best not to interrupt the scan if you included the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
-> argument. If the Backup System
- has already written new records into the Backup Database, then you must remove them before rerunning the scanning operation.
- If during the repeated scan operation the Backup System finds that a record it needs to create already exists, it halts the
- operation.</P
-><P
->For each dump on the tape, the output in the Tape Coordinator window displays the dump label followed by an entry for
- each volume. There is no output in the command window. The dump label has the same fields as the tape label displayed by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup readlabel</B
-></SPAN
-> command, as described in <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape
- Labels</A
->. Or see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> for a detailed description of the fields in
- the output.</P
-><P
->The following example shows the dump label and first volume entry on the tape in the device that has port offset
- 2:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape 2</B
-></SPAN
->
- -- Dump label --
- tape name = monthly_guest
- AFS tape name = guests.monthly.3
- creationTime = Mon Feb 1 04:06:40 1999
- cell = abc.com
- size = 2150000 Kbytes
- dump path = /monthly
- dump id = 917860000
- useCount = 44
- -- End of dump label --
- -- volume --
- volume name: user.guest10.backup
- volume ID 1937573829
- dumpSetName: guests.monthly
- dumpID 917860000
- level 0
- parentID 0
- endTime 0
- clonedate Mon Feb 1 03:03:23 1999
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ306"
->Restoring and Recovering Data</A
-></H1
-><P
->The purpose of making backups is to enable you to recover when data becomes corrupted or is removed accidentally,
- returning the data to a coherent past state. The AFS Backup System provides three commands that restore varying numbers of
- volumes: <UL
-><LI
-><P
->To restore one or more volumes to a single site (partition on an AFS file server machine), use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->To restore one or more volumes that are defined as a volume set, each to a specified site, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->To restore an entire partition (that is, all of the volumes that the VLDB lists as resident on it), use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> command.</P
-></LI
-></UL
-></P
-><P
->The commands are suited to different purposes because they vary in the combinations of features they offer and in the
- requirements they impose. To decide which is appropriate for a specific restore operation, see the subsequent sections of this
- introduction: <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->, <A
-HREF="c15383.html#HDRWQ310"
->Using the backup
- diskrestore Command</A
->, and <A
-HREF="c15383.html#HDRWQ312"
->Using the backup volsetrestore Command</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ307"
->Making Restore Operations More Efficient</A
-></H2
-><P
->The following comments apply to all types of restore operation: <UL
-><LI
-><P
->The Backup System begins by restoring the most recent full dump of a volume. As it restores subsequent incremental
- dumps, it alters the data in the full dump appropriately, essentially repeating the volume's change history. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> commands
- always restore all incremental dumps, bringing a volume to its state at the time of the most recent incremental dump.
- You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
-> command to return a volume to its state at a
- specified time in the past, by not restoring the data from incremental dumps performed after that time.</P
-></LI
-><LI
-><P
->The Backup System sets a restored volume's creation date to the date and time of the restore operation. The
- creation date appears in the <SAMP
-CLASS="computeroutput"
->Creation</SAMP
-> field of the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> commands.</P
-></LI
-><LI
-><P
->When identifying the volumes to restore, it is best to specify the base (read/write) name. In this case, the
- Backup System searches the Backup Database for the most recent dump set that includes data from either the read/write or
- backup version of the volume, and restores dumps of that volume starting with the most recent full dump. If you include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension on the volume name,
- the Backup System restores dumps of that version only. If it cannot find data dumped from that version, it does not
- perform the restoration even if another version was dumped.</P
-></LI
-><LI
-><P
->All three restoration commands accept the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> option, which generates a list of
- the volumes to be restored and the tapes or backup data files that contain the necessary dumps, without actually
- restoring data to AFS server partitions. This enables you to gather together the tapes before beginning the restore
- operation, even preloading them into a stacker or jukebox if you are using one.</P
-></LI
-><LI
-><P
->If you back up AFS data to tape, restoration is simplest if all of your tape devices are compatible, meaning that
- they can read the same type of tape, at the same compression ratios, and so on. (This suggestion also appears in <A
-HREF="c15383.html#HDRWQ297"
->Making Backup Operations More Efficient</A
->, because by the time you need to restore data it is
- too late to implement it.) You can still restore multiple volumes with a single command even if data was backed up using
- incompatible devices, because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> argument to all three restoration
- commands accepts multiple values. However, the Backup System uses the first port offset listed when restoring the full
- dump of each volume, the next port offset when restoring the level 1 incremental dump of each volume, and so on. If you
- did not use a compatible tape device when creating the full dump of every volume (and at each incremental level too),
- you cannot restore multiple volumes with a single command. You must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volrestore</B
-></SPAN
-> command to restore one volume at a time, or use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volsetrestore</B
-></SPAN
-> command after defining volume sets that group volumes according to the tape device used to dump
- them.</P
-></LI
-><LI
-><P
->During a restore operation, the Backup System uses instructions in the relevant <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name configuration file in much the same way as during a dump operation, as described
- in <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->. It uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNMOUNT</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FILE</B
-></SPAN
-> instructions just as for a dump
- operation. A difference for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BUFFERSIZE</B
-></SPAN
-> instruction is that the default buffer size
- overridden by the instruction is 32 KB for restore operations rather than the 16 KB used for dump operations. The Backup
- System does not use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NAME_CHECK</B
-></SPAN
-> instruction at all during restore operations. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ASK</B
-></SPAN
-> instruction controls whether the Backup System prompts you if it cannot restore a
- volume for any reason. If the setting is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NO</B
-></SPAN
->, it skips the problematic volume and
- restores as many of the other volumes as possible.</P
-></LI
-><LI
-><P
->Do not perform a restore operation when you know that there are network, machine, or server process problems that
- can prevent the Backup System from accessing volumes or the VLDB. Although the Backup System automatically makes a
- number of repeated attempts to restore a volume, the restore operation takes extra time and in some cases stops
- completely to prompt you for instructions on how to continue.</P
-></LI
-><LI
-><P
->Avoid halting a restore operation (for instance by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) kill</B
-></SPAN
->
- command in interactive mode). If a restore operation is interrupted for any reason, including causes outside your
- control, reissue the same restoration command as soon as is practical; if an outage or other problem caused the
- operation to halt, do not continue until the system returns to normal.</P
-><P
->Any volume that is completely restored when the operation halts is online and usable, but very few volumes are
- likely to be in this state. When restoring multiple volumes at once, the Backup System restores the full dump of every
- volume before beginning the level 1 incremental restore for any of them, and so on, completing the restore of every
- volume at a specific incremental level before beginning to restore data from the next incremental level. Unless a volume
- was dumped at fewer incremental levels than others being restored as part of the same operation, it is unlikely to be
- complete.</P
-><P
->It is even more dangerous to interrupt a restore operation if you are overwriting the current contents of the
- volume. Depending on how far the restore operation has progressed, it is possible that the volume is in such an
- inconsistent state that the Backup System removes it entirely. The data being restored is still available on tape or in
- the backup data file, but you must take extra steps to re-create the volume.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ308"
->Using the backup volrestore Command</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
-> command is most appropriate when you need to restore a few
- volumes to a single site (partition on a file server machine). By default, it restores the volumes to their state at the time
- of the most recent dump operation (this is termed a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->full restore</I
-></SPAN
->). You can also use the command to
- perform a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->date-specific restore</I
-></SPAN
->, which restores only the dumps (full and incremental) performed before a
- specified date and time, leaving the volume in the state it was in at the time of the final relevant incremental dump. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> commands can
- only perform full restores.</P
-><P
->You can restore data into a new copy of each volume rather than overwriting the current version, by including the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> argument. After mounting the new volume in the filespace, you can compare the
- contents of the two and decide which to keep permanently.</P
-><P
->The following list summarizes how to combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
-> command's arguments
- to restore a volume in different ways: <UL
-><LI
-><P
->To perform a date-specific restore as described just previously, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-date</B
-></SPAN
->
- argument to specify the date and optionally time. The Backup System restores the most recent full dump and each
- subsequent incremental dump for which the clone date of the volume included in the dump is before the indicated date and
- time (for a definition of the clone date, see Step <A
-HREF="c15383.html#LIBKOV-CLONEDATE"
->4</A
-> in <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->). You can combine this argument with
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> argument to place the date-specific restore in a new volume.</P
-></LI
-><LI
-><P
->To move a volume to a new site as you overwrite its contents with the restored data, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments, singly or in combination, to
- specify the new site rather than the current site. The Backup System creates a new volume at that site, removes the
- existing volume, and updates the site information in the volume's VLDB entry. The volume's backup version is not removed
- automatically from the original site, if it exists. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> command to
- remove it and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command to create a backup version at the new site.</P
-></LI
-><LI
-><P
->To create a new volume to house the restored data, rather than overwriting an existing volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> argument. The Backup System creates the new volume on the server and partition named
- by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments, derives its
- name by adding the extension to the name specified with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument, and
- creates a new VLDB entry for it. The command does not affect the existing volume in any way. However, if a volume with
- the specified extension also already exists, the command overwrites it. To make the contents of the new volume
- accessible, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount it. You can then compare its contents
- to those of the existing volume, to see which to retain permanently.</P
-></LI
-><LI
-><P
->To restore a volume that no longer exists on an AFS server partition, but for which you have backed up data,
- specify the name of the new volume with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument and use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments to place it at the desired
- site. The Backup System creates a new volume and new VLDB entry.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ309"
->To restore volumes with the backup volrestore command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-><P
->Repeat the command for each Tape Coordinator if you are using more than one tape device.</P
-></LI
-><LI
-><P
->If using a tape device, insert the tape.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volrestore</B
-></SPAN
-> command with the desired arguments. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volrestore</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->destination machine</I
-></SPAN
->> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->destination partition</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume(s) to restore</I
-></SPAN
->>+ \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->new volume name extension</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-date</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->date from which to restore</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offsets</I
-></SPAN
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volrestore</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->destination machine</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to restore each volume. It does not have to be a volume's current
- site.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->destination partition</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition on which to restore each volume. It does not have to be a volume's current site.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-></DT
-><DD
-><P
->Names each volume to restore. It is best to provide the base (read/write) name, for the reasons discussed in
- <A
-HREF="c15383.html#HDRWQ307"
->Making Restore Operations More Efficient</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-></DT
-><DD
-><P
->Creates a new volume to house the restored data, with a name derived by appending the specified string to
- each volume named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> extension. The Backup System preserves the
- contents of the existing volume if it still exists. Do not use either of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extensions, which are reserved. The
- combination of base volume name and extension cannot exceed 22 characters in length. If you want a period to
- separate the extension from the name, specify it as the first character of the string (as in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.rst</B
-></SPAN
->, for example).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-date</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a date and optionally time; the restored volume includes data from dumps performed before the date
- only. Provide a value in the format mm/dd/yyyy [hh:MM], where the required mm/dd/yyyy portion indicates the month
- (mm), day (dd), and year (yyyy), and the optional hh:MM portion indicates the hour and minutes in 24-hour format
- (for example, the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->14:36</B
-></SPAN
-> represents 2:36 p.m.). If omitted, the time
- defaults to 59 seconds after midnight (00:00:59 hours).</P
-><P
->Valid values for the year range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1970</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2037</B
-></SPAN
->; higher values are not valid because the latest possible date in the standard UNIX
- representation is in February 2038. The command interpreter automatically reduces any later date to the maximum
- value.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A plus sign follows this argument in the command's syntax statement because it accepts a multiword value
- which does not need to be enclosed in double quotes or other delimiters, not because it accepts multiple dates.
- Provide only one date (and optionally, time) definition.</P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more port offset numbers, each corresponding to a Tape Coordinator to use in the operation.
- If there is more than one value, the Backup System uses the first one when restoring the full dump of each volume,
- the second one when restoring the level 1 incremental dump of each volume, and so on. It uses the final value in
- the list when restoring dumps at the corresponding depth in the dump hierarchy and all dumps at lower
- levels.</P
-><P
->Provide this argument unless the default value of 0 (zero) is appropriate for all dumps. If 0 is just one of
- the values in the list, provide it explicitly in the appropriate order.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-></DT
-><DD
-><P
->Displays the list of tapes that contain the dumps required by the restore operation, without actually
- performing the operation.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or the device's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name configuration file
- includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
->, then the Tape Coordinator prompts you to place
- the tape in the device's drive. You have already done so, but you must now press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Return</B
-></SPAN
->> to indicate that the tape is ready for labeling.</P
-><P
->If more than one tape is required, you must either include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file and stock the corresponding stacker or jukebox with tapes, or
- remain at the console to respond to the Tape Coordinator's prompts for subsequent tapes.</P
-></LI
-><LI
-><P
->After the restore operation completes, review the Backup System's log files to check for errors. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command as instructed in <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log
- Files</A
-> to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/BackupLog</B
-></SPAN
-> file, and a text editor on the Tape
- Coordinator machine to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name files in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- directory.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ310"
->Using the backup diskrestore Command</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> command is most appropriate when you need to restore all of the
- volumes on an AFS server partition, perhaps because a hardware failure has corrupted or destroyed all of the data. The command
- performs a full restore of all of the read/write volumes for which the VLDB lists the specified partition as the current site,
- using the dumps of either the read/write or backup version of each volume depending on which type was dumped more recently.
- (You can restore any backup or read-only volumes that resided on the partition by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- backup</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> commands after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- diskrestore</B
-></SPAN
-> operation is complete.)</P
-><P
->By default, the Backup System restores the volumes to the site they previously occupied. To move the partition contents
- to a different site, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newserver</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newpartition</B
-></SPAN
->
- arguments, singly or in combination.</P
-><P
->By default, the Backup System overwrites the contents of existing volumes with the restored data. To create a new volume
- to house the restored data instead, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> argument. The Backup System creates
- the new volume at the site designated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newserver</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newpartition</B
-></SPAN
-> arguments if they are used or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments otherwise. It derives the volume name by adding the extension to the read/write
- base name listed in the VLDB, and creates a new VLDB entry. The command does not affect the existing volume in any way.
- However, if a volume with the specified extension also already exists, the command overwrites it.</P
-><P
->If a partition seems damaged, be sure not to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> command before the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> command. As noted, the Backup System restores volumes according to VLDB
- site definitions. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> command sometimes removes a volume's VLDB entry when the
- corruption on the partition is so severe that the Volume Server cannot confirm the volume's presence.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ311"
->To restore a partition with the backup diskrestore command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-><P
->Repeat the command for each Tape Coordinator if you are using more than one tape device.</P
-></LI
-><LI
-><P
->If using a tape device, insert the tape.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
-> command with the desired arguments. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->diskrestore</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine to restore</I
-></SPAN
->> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->partition to restore</I
-></SPAN
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newserver</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->destination machine</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newpartition</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->destination partition</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->new volume name extension</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->di</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->diskrestore</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine to restore</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine that the VLDB lists as the site of the volumes that need to be
- restored.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition to restore</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition that the VLDB lists as the site of the volumes that need to be restored.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more port offset numbers, each corresponding to a Tape Coordinator to use in the operation.
- If there is more than one value, the Backup System uses the first one when restoring the full dump of each volume,
- the second one when restoring the level 1 incremental dump of each volume, and so on. It uses the final value in
- the list when restoring dumps at the corresponding depth in the dump hierarchy and all dumps at lower
- levels.</P
-><P
->Provide this argument unless the default value of 0 (zero) is appropriate for all dumps. If 0 is just one of
- the values in the list, provide it explicitly in the appropriate order.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newserver</B
-></SPAN
-></DT
-><DD
-><P
->Names an alternate file server machine to which to restore the volumes. If you omit this argument, the
- volumes are restored to the file server machine named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->
- argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newpartition</B
-></SPAN
-></DT
-><DD
-><P
->Names an alternate partition to which to restore the data. If you omit this argument, the volumes are
- restored to the partition named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-></DT
-><DD
-><P
->Creates a new volume for each volume being restored, to house the restored data, appending the specified
- string to the volume's read/write base name as listed in the VLDB. Any string other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> is acceptable, but the combination of
- the base name and extension cannot exceed 22 characters in length. To use a period to separate the extension from
- the name, specify it as the first character of the string (as in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.rst</B
-></SPAN
->, for
- example).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-></DT
-><DD
-><P
->Displays a list of the tapes necessary to perform the requested restore, without actually performing the
- operation.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or the device's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name configuration file
- includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
->, then the Tape Coordinator prompts you to place
- the tape in the device's drive. You have already done so, but you must now press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Return</B
-></SPAN
->> to indicate that the tape is ready for labeling.</P
-><P
->If more than one tape is required, you must either include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file and stock the corresponding stacker or jukebox with tapes, or
- remain at the console to respond to the Tape Coordinator's prompts for subsequent tapes.</P
-></LI
-><LI
-><P
->After the restore operation completes, review the Backup System's log files to check for errors. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command as instructed in <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log
- Files</A
-> to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/BackupLog</B
-></SPAN
-> file, and a text editor on the Tape
- Coordinator machine to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name files in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- directory.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ312"
->Using the backup volsetrestore Command</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> command is most appropriate when you need to perform a full
- restore of several read/write volumes, placing each at a specified site. You specify the volumes to restore either by naming a
- volume set with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument or by listing each volume's name and restoration site in a
- file named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument, as described in the following sections.</P
-><P
->Because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> command enables you to restore a large number of
- volumes with a single command, the restore operation can potentially take hours to complete. One way to reduce the time is to
- run multiple instances of the command simultaneously. Either use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument to
- specify disjoint volume sets for each command, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument to name files that list
- different volumes. You must have several Tape Coordinators available to read the required tapes. Depending on how the volumes
- to be restored were dumped to tape, specifying disjoint volume sets can also reduce the number of tape changes
- required.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ313"
->Restoring a Volume Set with the -name Argument</A
-></H3
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument to restore a group of volumes defined in a volume set. The
- Backup System creates a list of the volumes in the VLDB that match the server, partition, and volume name criteria defined
- in the volume set's volume entries, and for which dumps are available. The volumes do not have to exist on the server
- partition as long as the VLDB still lists them (this can happen when, for instance, a hardware problem destroys the contents
- of an entire disk).</P
-><P
->By default, the Backup System restores, as a read/write volume, each volume that matches the volume set criteria to
- the site listed in the VLDB. If a volume of the matching name exists at that site, its current contents are overwritten. You
- can instead create a new volume to house the restored data by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
->
- argument. The Backup System creates the new volume at the existing volume's site, derives its name by adding the extension
- to the existing volume's read/write base name, and creates a new VLDB entry for it. The command does not affect the existing
- volume in any way. However, if a volume with the specified extension also already exists, the command overwrites it. To make
- the contents of the new volume accessible, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount it. You can
- then compare its contents to those of the existing volume, to see which to retain permanently.</P
-><P
->It is not required that the volume set was previously used to back up volumes (was used as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volumeset</B
-></SPAN
-> option to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> command). It can be defined
- especially to match the volumes that need to be restored with this command, and that is usually the better choice. Indeed, a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->temporary</I
-></SPAN
-> volume set, created by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
-> flag to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup addvolset</B
-></SPAN
-> command, can be especially useful in this context (instructions appear in
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->). A temporary volume set is not added
- to the Backup Database and exists only during the current interactive backup session, which is suitable if the volume set is
- needed only to complete the single restore operation initialized by this command.</P
-><P
->The reason that a specially defined volume set is probably better is that volume sets previously defined for use in
- dump operations usually match the backup version of volumes, whereas for a restore operation it is best to define volume
- entries that match the base (read/write) name. In this case, the Backup System searches the Backup Database for the newest
- dump set that includes a dump of either the read/write or the backup version of the volume. If, in contrast, a volume entry
- explicitly matches the volume's backup or read-only version, the Backup System uses dumps of that volume version only,
- restoring them to a read/write volume by stripping off the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension.</P
-><P
->If there are VLDB entries that match the volume set criteria, but for which there are no dumps recorded in the Backup
- Database, the Backup System cannot restore them. It generates an error message on the standard error stream for each
- one.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ314"
->Restoring Volumes Listed in a File with the -file Argument</A
-></H3
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument to specify the name and site of each read/write volume to
- restore. Each volume's entry must appear on its own (unbroken) line in the file, and comply with the following
- format:</P
-><PRE
-CLASS="programlisting"
-> machine partition volume [comments...]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine to which to restore the volume. You can move the volume as you restore it by
- naming a machine other than the current site.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition to which to restore the volume. You can move the volume as you restore it by naming a
- partition other than the current site.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume to restore. Specify the base (read/write) name to have the Backup System search the Backup
- Database for the newest dump set that includes a dump of either the read/write or the backup version of the volume.
- It restores the dumps of that version of the volume, starting with the most recent full dump. If, in contrast, you
- include the <SAMP
-CLASS="computeroutput"
->.backup</SAMP
-> or <SAMP
-CLASS="computeroutput"
->.readonly</SAMP
-> extension, the
- Backup System restores dumps of that volume version only, but into a read/write volume without the extension. The
- base name must match the name used in Backup Database dump records rather than in the VLDB, if they differ, because
- the Backup System does not consult the VLDB when you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->comments...</B
-></SPAN
-></DT
-><DD
-><P
->Is any other text. The Backup System ignores any text on each line that appears after the volume name, so you
- can use this field for helpful notes.</P
-></DD
-></DL
-></DIV
-></P
-><P
->Do not use wildcards (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.*</B
-></SPAN
->) in the machine, partition, or volume fields.
- It is acceptable for multiple lines in the file to name the same volume, but the Backup System processes only the first of
- them.</P
-><P
->By default, the Backup System replaces the existing version of each volume with the restored data, placing the volume
- at the site specified in the machine and partition fields. You can instead create a new volume to house the restored
- contents by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> argument. The Backup System creates a new volume at
- the site named in the machine and partition fields, derives its name by adding the specified extension to the read/write
- version of the name in the volume field, and creates a new VLDB entry for it. The command does not affect the existing
- volume in any way. However, if a volume with the specified extension also already exists, the command overwrites it. To make
- the contents of the new volume accessible, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount it. You can
- then compare its contents to those of the existing volume, to see which to retain permanently.</P
-><P
->If the file includes entries for volumes that have no dumps recorded in the Backup Database, the Backup System cannot
- restore them. It generates an error message on the standard error stream for each one.</P
-><P
->One way to generate a file to use as input to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument is to issue the
- command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> options and direct the
- output to a file. The output includes a line like the following for each volume (shown here on two lines only for legibility
- reasons); the value comes from the source indicated in the following list:</P
-><PRE
-CLASS="programlisting"
-> machine partition volume_dumped # as volume_restored; \
- tape_name (tape_ID); pos position_number; date
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine that currently houses the volume, as listed in the VLDB.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition that currently houses the volume, as listed in the VLDB.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume_dumped</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the version (read/write or backup) of the volume that was dumped, as listed in the Backup
- Database.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume_restored</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name under which the Backup System restores the volume when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> flag is not included. If you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
->
- argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-> options, then the
- extension appears on the name in this field (as in <SAMP
-CLASS="computeroutput"
->user.pat.rst</SAMP
->, for
- example).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tape_name</B
-></SPAN
-></DT
-><DD
-><P
->Names the tape containing the dump of the volume, from the Backup Database. If the tape has a permanent name,
- it appears here; otherwise, it is the AFS tape name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tape_ID</B
-></SPAN
-></DT
-><DD
-><P
->The tape ID of the tape containing the dump of the volume, from the Backup Database.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->position_number</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the dump's position on the tape (for example, <SAMP
-CLASS="computeroutput"
->31</SAMP
-> indicates that 30
- volume dumps precede the current one on the tape). If the dump was written to a backup data file, this number is the
- ordinal of the 16 KB-offset at which the volume's data begins.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->date</B
-></SPAN
-></DT
-><DD
-><P
->The date and time when the volume was dumped.</P
-></DD
-></DL
-></DIV
-></P
-><P
->To make the entries suitable for use with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument, edit them as indicated:
- <UL
-><LI
-><P
->The Backup System uses only the first three fields on each line of the input file, and so ignores all the fields
- after the number sign (<SAMP
-CLASS="computeroutput"
->#</SAMP
->). You can remove them if it makes it easier for you to read
- the file, but that is not necessary.</P
-></LI
-><LI
-><P
->The volume_dumped (third) field of each line in the output file becomes the volume field in the input file. The
- Backup System restores data to read/write volumes only, so remove the <SAMP
-CLASS="computeroutput"
->.backup</SAMP
-> or
- <SAMP
-CLASS="computeroutput"
->.readonly</SAMP
-> extension if it appears on the name in the volume_dumped field.</P
-></LI
-><LI
-><P
->The output file includes a line for every dump operation in which a specific volume was included (the full dump
- and any incremental dumps), but the Backup System only processes the first line in the input file that mentions a
- specific volume. You can remove the repeated lines if it makes the file easier for you to read.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine</I
-></SPAN
-> and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->partition</I
-></SPAN
-> fields on an output line designate the
- volume's current site. To move the volume to another location as you restore it, change the values.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ315"
->To restore a group of volumes with the backup volsetrestore command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the Tape Coordinator for the tape device that is to perform the operation is not already running, open a
- connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for
- which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-><P
->Repeat the command for each Tape Coordinator if you are using more than one tape device.</P
-></LI
-><LI
-><P
->If using a tape device, insert the tape.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If appropriate, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup)
- addvolset</B
-></SPAN
-> command to create a new volume set expressly for this restore operation. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
-> flag if you do not need to add the volume set to the Backup Database. Then issue one or
- more <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) addvolentry</B
-></SPAN
-> commands to create volume entries that include only the volumes
- to be restored. Complete instructions appear in <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume
- Entries</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-temporary</B
-></SPAN
->]
- backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addvolentry -name</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->partition name</I
-></SPAN
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volumes</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume name (regular expression)</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup volsetrestore</B
-></SPAN
-> command with the desired arguments. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volsetrestore</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume set name</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->file name</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->new volume name extension</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Names a volume set to restore. The Backup System restores all of the volumes listed in the VLDB that match
- the volume set's volume entries, as described in <A
-HREF="c15383.html#HDRWQ313"
->Restoring a Volume Set with the -name
- Argument</A
->. Provide this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument, but not
- both.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the full pathname of a file that lists one or more volumes and the site (file server machine and
- partition) to which to restore each. The input file has the format described in <A
-HREF="c15383.html#HDRWQ314"
->Restoring
- Volumes Listed in a File with the -file Argument</A
->. Use either this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument, but not both.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more port offset numbers, each corresponding to a Tape Coordinator to use in the operation.
- If there is more than one value, the Backup System uses the first one when restoring the full dump of each volume,
- the second one when restoring the level 1 incremental dump of each volume, and so on. It uses the final value in
- the list when restoring dumps at the corresponding depth in the dump hierarchy and all dumps at lower
- levels.</P
-><P
->Provide this argument unless the default value of 0 (zero) is appropriate for all dumps. If 0 is just one of
- the values in the list, provide it explicitly in the appropriate order.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extension</B
-></SPAN
-></DT
-><DD
-><P
->Creates a new volume for each volume being restored, to house the restored data, appending the specified
- string to the volume's read/write base name as listed in the VLDB. Any string other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> is acceptable, but the combination of
- the base name and extension cannot exceed 22 characters in length. To use a period to separate the extension from
- the name, specify it as the first character of the string (as in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.rst</B
-></SPAN
->, for
- example).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-n</B
-></SPAN
-></DT
-><DD
-><P
->Displays a list of the volumes to be restored when the flag is not included, without actually restoring
- them. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Output</B
-></SPAN
-> section of this reference page details the format of the output.
- When combined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument, its output is easily edited for use as
- input to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument on a subsequent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volsetrestore</B
-></SPAN
-> command.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you did not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
-> flag when you issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, or the device's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name configuration file
- includes the instruction <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AUTOQUERY YES</B
-></SPAN
->, then the Tape Coordinator prompts you to place
- the tape in the device's drive. You have already done so, but you must now press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Return</B
-></SPAN
->> to indicate that the tape is ready for labeling.</P
-><P
->If more than one tape is required, you must either include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MOUNT</B
-></SPAN
-> instruction in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CFG_</B
-></SPAN
->device_name file and stock the corresponding stacker or jukebox with tapes, or
- remain at the console to respond to the Tape Coordinator's prompts for subsequent tapes.</P
-></LI
-><LI
-><P
->After the restore operation completes, review the Backup System's log files to check for errors. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command as instructed in <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log
- Files</A
-> to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/BackupLog</B
-></SPAN
-> file, and a text editor on the Tape
- Coordinator machine to read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TE_</B
-></SPAN
->device_name and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TL_</B
-></SPAN
->device_name files in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
->
- directory.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ316"
->Maintaining the Backup Database</A
-></H1
-><P
->The Backup Database stores all of the configuration and tracking information that the Backup System uses when dumping and
- restoring data. If a hardware failure or other problem on a database server machine corrupts or damages the database, it is
- relatively easy to recreate the configuration information (the dump hierarchy and lists of volume sets and Tape Coordinator port
- offset numbers). However, restoring the dump tracking information (dump records) is more complicated and time-consuming. To
- protect yourself against loss of data, back up the Backup Database itself to tape on a regular schedule.</P
-><P
->Another potential concern is that the Backup Database can grow large rather quickly, because the Backup System keeps very
- detailed and cross-referenced records of dump operations. Backup operations become less efficient if the Backup Server has to
- navigate through a large number of obsolete records to find the data it needs. To keep the database to a manageable size, use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
-> command to delete obsolete records, as described in <A
-HREF="c15383.html#HDRWQ321"
->Removing Obsolete Records from the Backup Database</A
->. If you later find that you have removed records
- that you still need, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command to read the information from the
- dump and tape labels on the corresponding tapes back into the database, as instructed in <A
-HREF="c15383.html#HDRWQ305"
->To scan the
- contents of a tape</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ317"
->Backing Up and Restoring the Backup Database</A
-></H2
-><P
->Because of the importance of the information in the Backup Database, it is best to back it up to tape or other permanent
- media on a regular basis. As for the other AFS, administrative databases, the recommended method is to use a utility designed
- to back up a machine's local disk, such as the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tar</B
-></SPAN
-> command. For instructions, see <A
-HREF="c3025.html#HDRWQ107"
->Backing Up and Restoring the Administrative Databases</A
->.</P
-><P
->In the rare event that the Backup Database seems damaged or corrupted, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- dbverify</B
-></SPAN
-> command to check its status. If it is corrupted, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
->
- command to repair some types of damage. Then use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup restoredb</B
-></SPAN
-> to return the corrected
- database to the local disks of the database server machines. For instructions, see <A
-HREF="c15383.html#HDRWQ318"
->Checking for and
- Repairing Corruption in the Backup Database</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ318"
->Checking for and Repairing Corruption in the Backup Database</A
-></H2
-><P
->In rare cases, the Backup Database can become damaged or corrupted, perhaps because of disk or other hardware errors.
- Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dbverify</B
-></SPAN
-> command to check the integrity of the database. If it is corrupted,
- the most efficient way to repair it is to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command to copy the database
- to tape. The command automatically repairs several types of corruption, and you can then use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- restoredb</B
-></SPAN
-> command to transfer the repaired copy of the database back to the local disks of the database server
- machines.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command also removes <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->orphan blocks</I
-></SPAN
->, which are
- ranges of memory that the Backup Server preallocated in the database but cannot use. Orphan blocks do not interfere with
- database access, but do waste disk space. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dbverify</B
-></SPAN
-> command reports the existence
- of orphan blocks if you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-detail</B
-></SPAN
-> flag.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ319"
->To verify the integrity of the Backup Database</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dbverify</B
-></SPAN
-> command to check the integrity of the Backup Database.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dbverify</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-detail</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->db</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dbverify</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-detail</B
-></SPAN
-></DT
-><DD
-><P
->Reports the existence of orphan blocks and other information about the database, as described on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dbverify</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration
- Reference</I
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The output reports one of the following messages: <UL
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Database OK</SAMP
-> indicates that the Backup Database is undamaged.</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Database not OK</SAMP
-> indicates that the Backup Database is damaged. To recover
- from the problem, use the instructions in <A
-HREF="c15383.html#HDRWQ320"
->To repair corruption in the Backup
- Database</A
->.</P
-></LI
-></UL
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ320"
->To repair corruption in the Backup Database</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Log in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on each database server machine in the
- cell.</P
-></LI
-><LI
-><P
-><A
-NAME="LISAVEDB-STARTTC"
-></A
->If the Tape Coordinator for the tape device that is to perform the operation is not
- already running, open a connection to the appropriate Tape Coordinator machine and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> command, for which complete instructions appear in <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape
- Coordinator process</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->port offset</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noautoquery</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
->If writing to tape, place a tape in the appropriate device.</P
-></LI
-><LI
-><P
->Working on one of the machines, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup -localauth</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> constructs a server ticket from the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file. This flag enables you to issue a privileged command while logged in as
- the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> but without AFS administrative tokens.</P
-></LI
-><LI
-><P
->Verify that no backup operations are actively running. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup)
- status</B
-></SPAN
-> command as described in <A
-HREF="c15383.html#HDRWQ295"
->To check the status of a Tape Coordinator
- process</A
->. Repeat for each Tape Coordinator port offset in turn. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->status -portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LISAVEDB-CMD"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) savedb</B
-></SPAN
-> command to repair corruption
- in the database as it is written to tape or a file. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savedb</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savedb</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number of the Tape Coordinator handling the tape or backup data file for this
- operation. You must provide this argument unless the default value of 0 (zero) is appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Exit interactive mode. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quit</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->On each machine in turn, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-> command to shut down the Backup
- Server process. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> flag because you are logged in as the local
- superuser root, but do not necessarily have administrative tokens. For complete command syntax, see <A
-HREF="c6449.html#HDRWQ168"
->To stop processes temporarily</A
->. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/bos shutdown</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver -localauth -wait</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->On each machine in turn, issue the following commands to remove the Backup Database. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /usr/afs/db</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm bdb.DB0</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm bdb.DBSYS1</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->On each machine in turn, starting with the machine with the lowest IP address, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- start</B
-></SPAN
-> command to restart the Backup Server process, which creates a zero-length copy of the Backup Database as
- it starts. For complete command syntax, see <A
-HREF="c6449.html#HDRWQ166"
->To start processes by changing their status flags to
- Run</A
->. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/bos start</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver -localauth</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Working on one of the machines, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter interactive mode.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup -localauth</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> constructs a server ticket from the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) addhost</B
-></SPAN
-> command to create an entry in the new, empty database
- for the Tape Coordinator process handling the tape or file from which you are reading the repaired copy of the database
- (presumably the process you started in Step <A
-HREF="c15383.html#LISAVEDB-STARTTC"
->2</A
-> and which performed the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> operation in Step <A
-HREF="c15383.html#LISAVEDB-CMD"
->6</A
->). For complete syntax, see
- Step <A
-HREF="c12776.html#LICONFTC-ADDHOST"
->8</A
-> in <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->.
- <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addhost</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->tape machine name</I
-></SPAN
->> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(backup) restoredb</B
-></SPAN
-> command to copy the repaired database to the database
- server machines. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restoredb</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->TC port offset</I
-></SPAN
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restoredb</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-portoffset</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the port offset number of the Tape Coordinator handling the tape or backup data file for this
- operation. You must provide this argument unless the default value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) is
- appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Exit interactive mode if you do not plan to issue any additional
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quit</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If desired, enter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-d</B
-></SPAN
-> or another
- interrupt signal to exit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> shell on each database server machine. You can also
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
-> signal on the Tape Coordinator machine to stop the process.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ321"
->Removing Obsolete Records from the Backup Database</A
-></H2
-><P
->Whenever you recycle or relabel a tape using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dump</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup labeltape</B
-></SPAN
-> command, the Backup System automatically removes all of the dump records for the dumps
- contained on the tape and all other tapes in the dump set. However, obsolete records can still accumulate in the Backup
- Database over time. For example, when you discard a backup tape after using it the maximum number of times recommended by the
- manufacturer, the records for dumps on it remain in the database. Similarly, the Backup System does not automatically remove a
- dump's record when the dump reaches its expiration date, but only if you then recycle or relabel the tape that contains the
- dump. Finally, if a backup operation halts in the middle, the records for any volumes successfully written to tape before the
- halt remain in the database.</P
-><P
->A very large Backup Database can make backup operations less efficient because the Backup Server has to navigate through
- a large number of records to find the ones it needs. To remove obsolete records, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- deletedump</B
-></SPAN
-> command. Either identify individual dumps by dump ID number, or specify the removal of all dumps created
- during a certain time period. Keep in mind that you cannot remove the record of an appended dump except by removing the record
- of its initial dump, which removes the records of all associated appended dumps. Removing records of a dump makes it
- impossible to restore data from the corresponding tapes or from any dump that refers to the deleted dump as its parent,
- directly or indirectly. That is, restore operations must begin with the full dump and continue with each incremental dump in
- order. If you have removed the records for a specific dump, you cannot restore any data from later incremental dumps.</P
-><P
->Another way to truncate the Backup Database is to include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-archive</B
-></SPAN
-> argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command. After a copy of the database is written to tape or to a backup data
- file, the Backup Server deletes the dump records for all dump operations with timestamps prior to the date and time you
- specify. However, issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
-> command with only the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-to</B
-></SPAN
-> argument is equivalent in effect and is simpler because it does not require starting a Tape
- Coordinator process as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command does. For further information on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-archive</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup savedb</B
-></SPAN
-> command, see the
- command's reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->.</P
-><P
->If you later need to access deleted dump records, and the corresponding tapes still exist, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dbadd</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup scantape</B
-></SPAN
-> command to scan their contents
- into the database, as instructed in <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ322"
->To delete dump records from the Backup Database</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command to enter
- interactive mode, if you want to delete multiple records or issue additional commands. The interactive prompt appears in
- the following step. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command to
- list information from the Backup Database that can help you decide which records to delete. For detailed instructions, see
- <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->. <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dumpinfo</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->no. of dumps</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dump id</I
-></SPAN
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup deletedump</B
-></SPAN
-> command to delete one or more dump sets.
- <PRE
-CLASS="programlisting"
-> backup> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->deletedump</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dumpid</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dumpid</I
-></SPAN
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->date time</I
-></SPAN
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-to</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->date time</I
-></SPAN
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dele</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->deletedump</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dumpid</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the dump ID of each initial dump to delete from the Backup Database. The records for all
- associated appended dumps are also deleted. Provide either this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-to</B
-></SPAN
-> (and optionally, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
->) argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the beginning of a range of dates; the record for any dump created during the indicated period of
- time is deleted.</P
-><P
->To omit all records before the time indicated with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-to</B
-></SPAN
-> argument, omit
- this argument. Otherwise provide a value in the following format</P
-><P
->mm/dd/yyyy [hh:MM]</P
-><P
->where the month (mm), day (dd), and year (yyyy) are required. You can omit the hour and minutes (hh:MM) to
- indicate the default of midnight (00:00 hours). If you provide them, use 24-hour format (for example, the value
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->14:36</B
-></SPAN
-> represents 2:36 p.m.).</P
-><P
->You must provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-to</B
-></SPAN
-> argument along with this one.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A plus sign follows this argument in the command's syntax statement because it accepts a multiword value
- which does not need to be enclosed in double quotes or other delimiters, not because it accepts multiple dates.
- Provide only one date (and optionally, time) definition.</P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-to</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the end of a range of dates; the record of any dump created during the range is deleted from the
- Backup Database.</P
-><P
->To delete all records created after the date you specify with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
->
- argument, specify the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NOW</B
-></SPAN
->. To delete every dump record in the Backup
- Database, provide the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NOW</B
-></SPAN
-> and omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
-> argument. Otherwise, provide a date value in the same format as described for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
-> argument. Valid values for the year (yyyy) range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1970</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2037</B
-></SPAN
->; higher values are not valid because the
- latest possible date in the standard UNIX representation is in early 2038. The command interpreter automatically
- reduces any later date to the maximum value in 2038.</P
-><P
->If you omit the time portion (hh:MM), it defaults to 59 seconds after midnight (00:00:59 hours). Similarly,
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command interpreter automatically adds 59 seconds to any time value
- you provide. In both cases, adding 59 seconds compensates for how the Backup Database and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup dumpinfo</B
-></SPAN
-> command represent dump creation times in hours and minutes only. For
- example, the Database records a creation timestamp of <SAMP
-CLASS="computeroutput"
->20:55</SAMP
-> for any dump
- operation that begins between 20:55:00 and 20:55:59. Automatically adding 59 seconds to a time thus includes the
- records for all dumps created during that minute.</P
-><P
->Provide either this argument, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dumpid</B
-></SPAN
-> argument. This argument is
- required if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-from</B
-></SPAN
-> argument is provided.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A plus sign follows this argument in the command's syntax statement because it accepts a multiword value
- which does not need to be enclosed in double quotes or other delimiters, not because it accepts multiple dates.
- Provide only one date (and optionally, time) definition.</P
-></BLOCKQUOTE
-></DIV
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c12776.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c18360.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Configuring the AFS Backup System</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Monitoring and Auditing AFS Performance</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Monitoring and Auditing AFS Performance</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"><LINK
-REL="PREVIOUS"
-TITLE="Backing Up and Restoring AFS Data"
-HREF="c15383.html"><LINK
-REL="NEXT"
-TITLE="Managing Server Encryption Keys"
-HREF="c20494.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c15383.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c20494.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ323"
-></A
->Chapter 8. Monitoring and Auditing AFS Performance</H1
-><P
->AFS comes with three main monitoring tools: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program, which monitors and gathers statistics on File Server
- performance.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> command suite, which traces Cache Manager operations in detail.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program, which monitors and gathers statistics on both the File Server
- and the Cache Manager.</P
-></LI
-></UL
-></P
-><P
->AFS also provides a tool for auditing AFS events on file server machines running AIX.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ324"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN18400"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Initialize the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display information about a trace log</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display information about an event set</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change the size of a trace log</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set the state of an event set</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Dump contents of a trace log</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Clear a trace log</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Initialize the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ326"
->Using the scout Program</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program monitors the status of the File Server process running on file server
- machines. It periodically collects statistics from a specified set of File Server processes, displays them in a graphical
- format, and alerts you if any of the statistics exceed a configurable threshold.</P
-><P
->More specifically, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program includes the following features. <UL
-><LI
-><P
->You can monitor, from a single location, the File Server process on any number of server machines from the local and
- foreign cells. The number is limited only by the size of the display window, which must be large enough to display the
- statistics.</P
-></LI
-><LI
-><P
->You can set a threshold for many of the statistics. When the value of a statistic exceeds the threshold, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program highlights it (displays it in reverse video) to draw your attention to it.
- If the value goes back under the threshold, the highlighting is deactivated. You control the thresholds, so highlighting
- reflects what you consider to be a noteworthy situation. See <A
-HREF="c18360.html#HDRWQ332"
->Highlighting Significant
- Statistics</A
->.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program alerts you to File Server process, machine, and network outages
- by highlighting the name of each machine that does not respond to its probe, enabling you to respond more quickly.</P
-></LI
-><LI
-><P
->You can set how often the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program collects statistics from the File Server
- processes.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ327"
->System Requirements</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program runs on any AFS client machine that has access to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curses</B
-></SPAN
-> graphics package, which most UNIX distributions include as a standard utility. It can run on
- both dumb terminals and under windowing systems that emulate terminals, but the output looks best on machines that support
- reverse video and cursor addressing. For best results, set the TERM environment variable to the correct terminal type, or one
- with characteristics similar to the actual ones. For machines running AIX, the recommended TERM setting is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vt100</B
-></SPAN
->, assuming the terminal is similar to that. For other operating systems, the wider range of
- acceptable values includes <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xterm</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xterms</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vt100</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vt200</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wyse85</B
-></SPAN
->.</P
-><P
->No privilege is required to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program, so any user who can access the
- directory where its binary resides (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/bin</B
-></SPAN
-> directory in the conventional
- configuration) can use it. The program's probes for collecting statistics do not impose a significant burden on the File
- Server process, but you can restrict its use by placing the binary file in a directory with a more restrictive access control
- list (ACL).</P
-><P
->Multiple instances of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program can run on a single client machine, each over
- its own dedicated connection (in its own window). It must run in the foreground, so the window in which it runs does not
- accept further input except for an interrupt signal.</P
-><P
->You can also run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program on several machines and view its output on a single
- machine, by opening telnet connections to the other machines from the central one and initializing the program in each remote
- window. In this case, you can include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> command to make the name of each remote machine appear in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->banner line</I
-></SPAN
-> at
- the top of the window displaying its output. See <A
-HREF="c18360.html#HDRWQ330"
->The Banner Line</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ328"
->Using the -basename argument to Specify a Domain Name</A
-></H2
-><P
->As previously mentioned, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program can monitor the File Server process on any
- number of file server machines. If all of the machines belong to the same cell, then their hostnames probably all have the
- same domain name suffix, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> in the ABC Corporation cell. In this case, you can
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> command, which has
- several advantages: <UL
-><LI
-><P
->You can omit the domain name suffix as you enter each file server machine's name on the command line. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program automatically appends the domain name to each machine's name, resulting
- in a fully-qualified hostname. You can omit the domain name suffix even when you don't include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument, but in that case correct resolution of the name depends on the state of your
- cell's naming service at the time of connection.</P
-></LI
-><LI
-><P
->The machine names are more likely to fit in the appropriate column of the display without having to be truncated
- (for more on truncating names in the display column, see <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display
- Region</A
->).</P
-></LI
-><LI
-><P
->The domain name appears in the banner line at the top of the display window to indicate the name of the cell you
- are monitoring.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ329"
->The Layout of the scout Display</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program can display statistics either in a dedicated window or on a plain
- screen if a windowing environment is not available. For best results, use a window or screen that can print in reverse video
- and do cursor addressing.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program screen has three main regions: the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->banner line</I
-></SPAN
->,
- the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->statistics display region</I
-></SPAN
-> and the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->probe/message</I
-></SPAN
-> line. This section describes
- their contents, and graphic examples appear in <A
-HREF="c18360.html#HDRWQ336"
->Example Commands and Displays</A
->.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ330"
->The Banner Line</A
-></H3
-><P
->By default, the string <SAMP
-CLASS="computeroutput"
->scout</SAMP
-> appears in the banner line at the top of the window or
- screen, to indicate that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program is running. You can display two additional types
- of information by include the appropriate option on the command line: <UL
-><LI
-><P
->Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-> flag to display the local machine's name in the banner line.
- This is particularly useful when you are running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program on several
- machines but displaying the results on a single machine.</P
-><P
->For example, the following banner line appears when you run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program
- on the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client1.abc.com</B
-></SPAN
-> and use the<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
->
- flag:</P
-><PRE
-CLASS="programlisting"
-> [client1.abc.com] scout
-</PRE
-></LI
-><LI
-><P
->Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument to display the specified cell domain name in the
- banner line. For further discussion, see <A
-HREF="c18360.html#HDRWQ328"
->Using the -basename argument to Specify a Domain
- Name</A
->.</P
-><P
->For example, if you specify a value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument, the banner line reads:</P
-><PRE
-CLASS="programlisting"
-> scout for abc.com
-</PRE
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ331"
->The Statistics Display Region</A
-></H3
-><P
->The statistics display region occupies most of the window and is divided into six columns. The following list
- describes them as they appear from left to right in the window. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->Conn</SAMP
-></DT
-><DD
-><P
->Displays the number of RPC connections open between the File Server process and client machines. This number
- normally equals or exceeds the number in the fourth <SAMP
-CLASS="computeroutput"
->Ws</SAMP
-> column. It can exceed the
- number in that column because each user on the machine can have more than one connection open at once, and one
- client machine can handle several users.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Fetch</SAMP
-></DT
-><DD
-><P
->Displays the number of fetch-type RPCs (fetch data, fetch access list, and fetch status) that the File Server
- process has received from client machines since it started. It resets to zero when the File Server process
- restarts.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Store</SAMP
-></DT
-><DD
-><P
->Displays the number of store-type RPCs (store data, store access list, and store status) that the File Server
- process has received from client machines since it started. It resets to zero when the File Server process
- restarts.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Ws</SAMP
-></DT
-><DD
-><P
->Displays the number of client machines (workstations) that have communicated with the File Server process
- within the last 15 minutes (such machines are termed <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->active</I
-></SPAN
->). This number is likely to be
- smaller than the number in the <SAMP
-CLASS="computeroutput"
->Conn</SAMP
->) column because a single client machine can
- have several connections open to one File Server process.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[Unlabeled column]</B
-></SPAN
-></DT
-><DD
-><P
->Displays the name of the file server machine on which the File Server process is running. It is 12 characters
- wide. Longer names are truncated and an asterisk (<SAMP
-CLASS="computeroutput"
->*</SAMP
->) appears as the last character
- in the name. If all machines have the same domain name suffix, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument to decrease the need for truncation; see <A
-HREF="c18360.html#HDRWQ328"
->Using
- the -basename argument to Specify a Domain Name</A
->.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Disk attn</SAMP
-></DT
-><DD
-><P
->Displays the number of kilobyte blocks available on up to 26 of the file server machine's AFS server
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
->) partitions. The display for each partition has the following format:
- <PRE
-CLASS="programlisting"
-> partition_letter:free_blocks
-</PRE
-></P
-><P
->For example, <SAMP
-CLASS="computeroutput"
->a:8949</SAMP
-> indicates that partition <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
-> has 8,949 KB free. If the window is not wide enough for all partition entries to
- appear on a single line, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program automatically stacks the partition
- entries into subcolumns within the sixth column.</P
-><P
->The label on the <SAMP
-CLASS="computeroutput"
->Disk attn</SAMP
-> column indicates the threshold value at which
- entries in the column become highlighted. By default, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program highlights
- a partition that is over 95% full, in which case the label is as follows:</P
-><PRE
-CLASS="programlisting"
-> Disk attn: > 95% used
-</PRE
-><P
->For more on this threshold and its effect on highlighting, see <A
-HREF="c18360.html#HDRWQ332"
->Highlighting
- Significant Statistics</A
->.</P
-></DD
-></DL
-></DIV
-></P
-><P
->For all columns except the fifth (file server machine name), you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention</B
-></SPAN
-> argument to set a threshold value above which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
->
- program highlights the statistic. By default, only values in the fifth and sixth columns ever become highlighted. For
- instructions on using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention</B
-></SPAN
-> argument, see <A
-HREF="c18360.html#HDRWQ332"
->Highlighting
- Significant Statistics</A
->.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_368"
->The Probe Reporting Line</A
-></H3
-><P
->The bottom line of the display indicates how many times the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program has probed
- the File Server processes for statistics. The statistics gathered in the latest probe appear in the statistics display
- region. By default, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program probes the File Servers every 60 seconds, but you can
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-> argument to specify a different probe frequency.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ332"
->Highlighting Significant Statistics</A
-></H2
-><P
->To draw your attention to a statistic that currently exceed a threshold value, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program displays it in reverse video (highlights it). You can set the threshold value for most
- statistics, and so determine which values are worthy of special attention and which are normal.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ333"
->Highlighting Server Outages</A
-></H3
-><P
->The only column in which you cannot control highlighting is the fifth, which identifies the file server machine for
- which statistics are displayed in the other columns. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program uses highlighting in
- this column to indicate that the File Server process on a machine fails to respond to its probe, and automatically blanks
- out the other columns. Failure to respond to the probe can indicate a File Server process, file server machine, or network
- outage, so the highlighting draws your attention to a situation that is probably interrupting service to users.</P
-><P
->When the File Server process once again responds to the probes, its name appears normally and statistics reappear in
- the other columns. If all machine names become highlighted at once, a possible network outage has disrupted the connection
- between the file server machines and the client machine running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_371"
->Highlighting for Extreme Statistic Values</A
-></H3
-><P
->To set the threshold value for one or more of the five statistics-displaying columns, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention</B
-></SPAN
-> argument. The threshold value applies to all File Server processes you are monitoring (you
- cannot set different thresholds for different machines). For details, see the syntax description in <A
-HREF="c18360.html#HDRWQ335"
->To start the scout program</A
->.</P
-><P
->It is not possible to change the threshold values for a running <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program. Stop
- the current program and start a new one. Also, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program does not retain threshold
- values across restarts, so you must specify all thresholds every time you start the program.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ334"
->Resizing the scout Display</A
-></H2
-><P
->Do not resize the display window while the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program is running. Increasing the
- size does no harm, but the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program does not necessarily adjust to the new dimensions.
- Decreasing the display's width can disturb column alignment, making the display harder to read. With any type of resizing, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program does not adjust the display in any way until it displays the results of the
- next probe.</P
-><P
->To resize the display effectively, stop the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program, resize the window and then
- restart the program. Even in this case, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program's response depends on the accuracy
- of the information it receives from the display environment. Testing during development has shown that the display environment
- does not reliably provide information about window resizing. If you use the X windowing system, issuing the following sequence
- of commands before starting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program (or placing them in the shell initialization
- file) sometimes makes it adjust properly to resizing.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->set noglob</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->eval '/usr/bin/X11/resize'</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unset noglob</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ335"
->To start the scout program</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Open a dedicated command shell. If necessary, adjust it to the appropriate size.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> command to start the program. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
->] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->FileServer name(s) to monitor</VAR
->>+ \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->base server name</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->poll frequency, in seconds</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->specify attention (highlighting) level</VAR
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->turn debugging output on to the named file</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
-></DT
-><DD
-><P
->Is an optional string that accommodates the command's use of the AFS command parser. It can be omitted and
- ignored.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Identifies each File Server process to monitor, by naming the file server machine it is running on. Provide
- fully-qualified hostnames unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument is used. In that case,
- specify only the initial part of each machine name, omitting the domain name suffix common to all the machine
- names.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the domain name suffix common to all of the file server machines named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument. For discussion of this argument's effects, see <A
-HREF="c18360.html#HDRWQ328"
->Using the -basename argument to Specify a Domain Name</A
->.</P
-><P
->Do not include the period that separates the domain suffix from the initial part of the machine name, but do
- include any periods that occur within the suffix itself. (For example, in the ABC Corporation cell, the proper
- value is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
->, not <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.abc.com</B
-></SPAN
->.)</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-></DT
-><DD
-><P
->Sets the frequency, in seconds, of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program's probes to File
- Server processes. Specify an integer greater than 0 (zero). The default is 60 seconds.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-></DT
-><DD
-><P
->Displays the name of the machine that is running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program in the
- display window's banner line. By default, no machine name is displayed.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention</B
-></SPAN
-></DT
-><DD
-><P
->Defines the threshold value at which to highlight one or more statistics. You can provide the pairs of
- statistic and threshold in any order, separating each pair and the parts of each pair with one or more spaces. The
- following list defines the syntax for each statistic.<DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->conn connections</B
-></SPAN
-></DT
-><DD
-><P
->Highlights the value in the <SAMP
-CLASS="computeroutput"
->Conn</SAMP
-> (first) column when the number of
- connections that the File Server has open to client machines exceeds the connections value. The
- highlighting deactivates when the value goes back below the threshold. There is no default
- threshold.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fetch fetch_RPCs</B
-></SPAN
-></DT
-><DD
-><P
->Highlights the value in the <SAMP
-CLASS="computeroutput"
->Fetch</SAMP
-> (second) column when the number
- of fetch RPCs that clients have made to the File Server process exceeds the fetch_RPCs value. The
- highlighting deactivates only when the File Server process restarts, at which time the value returns to
- zero. There is no default threshold.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->store store_RPCs</B
-></SPAN
-></DT
-><DD
-><P
->Highlights the value in the <SAMP
-CLASS="computeroutput"
->Store</SAMP
-> (third) column when the number of
- store RPCs that clients have made to the File Server process exceeds the store_RPCs value. The
- highlighting deactivates only when the File Server process restarts, at which time the value returns to
- zero. There is no default threshold.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ws active_clients</B
-></SPAN
-></DT
-><DD
-><P
->Highlights the value in the <SAMP
-CLASS="computeroutput"
->Ws</SAMP
-> (fourth) column when the number of
- active client machines (those that have contacted the File Server in the last 15 minutes) exceeds the
- active_clients value. The highlighting deactivates when the value goes back below the threshold. There is
- no default threshold.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->disk percent_full % or disk min_blocks</B
-></SPAN
-></DT
-><DD
-><P
->Highlights the value for a partition in the <SAMP
-CLASS="computeroutput"
->Disk attn</SAMP
-> (sixth)
- column when either the amount of disk space used exceeds the percentage indicated by thepercent_full
- value, or the number of free KB blocks is less than the min_blocks value. The highlighting deactivates
- when the value goes back below the percent_full threshold or above the min_blocks threshold.</P
-><P
->The value you specify appears in the header of the sixth column following the string
- <SAMP
-CLASS="computeroutput"
->Disk attn</SAMP
->. The default threshold is 95% full.</P
-><P
->Acceptable values for percent_full are the integers from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->99</B
-></SPAN
->, and you must include the percent
- sign to distinguish this statistic from a min_blocks value..</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following example sets the threshold for the <SAMP
-CLASS="computeroutput"
->Conn</SAMP
-> column to 100, for
- the <SAMP
-CLASS="computeroutput"
->Ws</SAMP
-> column to 50, and for the <SAMP
-CLASS="computeroutput"
->Disk attn</SAMP
->
- column to 75%. There is no threshold for the <SAMP
-CLASS="computeroutput"
->Fetch</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->Store</SAMP
-> columns.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention conn 100 ws 50 disk 75%</B
-></SPAN
-></P
-><P
->The following example has the same affect as the previous one except that it sets the threshold for the Disk
- attn column to 5000 free KB blocks:</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention disk 5000 ws 50 conn 100</B
-></SPAN
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
-></DT
-><DD
-><P
->Enables debugging output and directs it into the specified file. Partial pathnames are interpreted relative
- to the current working directory. By default, no debugging output is produced.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_374"
->To stop the scout program</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Enter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
-> in the display window. This is the proper interrupt signal even if the
- general interrupt signal in your environment is different.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ336"
->Example Commands and Displays</A
-></H2
-><P
->This section presents examples of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program, combining different arguments and
- illustrating the screen displays that result.</P
-><P
->In the first example, an administrator in the ABC Corporation issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> command
- without providing any optional arguments or flags. She includes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument because
- she is providing multiple machine names. She chooses to specify on the initial part of each machine's name even though she has
- not used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument, relying on the cell's name service to obtain the
- fully-qualified name that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program requires for establishing a connection.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout -server fs1 fs2</B
-></SPAN
->
-</PRE
-><P
-><A
-HREF="c18360.html#FIGWQ337"
->Figure 2</A
-> depicts the resulting display. Notice first that the machine names in the fifth
- (unlabeled) column appear in the format the administrator used on the command line. Now consider the second line in the
- display region, where the machine name <SAMP
-CLASS="computeroutput"
->fs2</SAMP
-> appears in the fifth column. The
- <SAMP
-CLASS="computeroutput"
->Conn</SAMP
-> and <SAMP
-CLASS="computeroutput"
->Ws</SAMP
-> columns together show that machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs2</B
-></SPAN
-> has 144 RPC connections open to 44 client machines, demonstrating that multiple connections per
- client machine are possible. The <SAMP
-CLASS="computeroutput"
->Fetch</SAMP
-> column shows that client machines have made 2,734,278
- fetch RPCs to machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs2</B
-></SPAN
-> since the File Server process last started and the
- <SAMP
-CLASS="computeroutput"
->Store</SAMP
-> column shows that they have made 34,066 store RPCs.</P
-><P
->Six partition entries appear in the <SAMP
-CLASS="computeroutput"
->Disk attn</SAMP
-> column, marked
- <SAMP
-CLASS="computeroutput"
->a</SAMP
-> through <SAMP
-CLASS="computeroutput"
->f</SAMP
-> (for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
->
- through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepf</B
-></SPAN
->). They appear on three lines in two subcolumns because of the width of the
- window; if the window is wider, there are more subcolumns. Four of the partition entries (<SAMP
-CLASS="computeroutput"
->a</SAMP
->,
- <SAMP
-CLASS="computeroutput"
->c</SAMP
->, <SAMP
-CLASS="computeroutput"
->d</SAMP
->, and <SAMP
-CLASS="computeroutput"
->e</SAMP
->) appear in
- reverse video to indicate that they are more than 95% full (the threshold value that appears in the <SAMP
-CLASS="computeroutput"
->Disk
- attn</SAMP
-> header).</P
-><DIV
-CLASS="figure"
-><A
-NAME="FIGWQ337"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="scout1.png"></P
-></DIV
-><P
-><B
->Figure 2. First example scout display</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-><P
->In the second example, the administrator uses more of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program's optional
- arguments. <UL
-><LI
-><P
->She provides the machine names in the same form as in Example 1, but this time she also uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument to specify their domain name suffix, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
->.
- This implies that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program does not need the name service to expand the names
- to fully-qualified hostnames, but the name service still converts the hostnames to IP addresses.</P
-></LI
-><LI
-><P
->She uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-> flag to display in the banner line the name of the client
- machine where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program is running.</P
-></LI
-><LI
-><P
->She uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-> argument to changes the probing frequency from its
- default of once per minute to once every five seconds.</P
-></LI
-><LI
-><P
->She uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attention</B
-></SPAN
-> argument to changes the highlighting threshold for
- partitions to a 5000 KB minimum rather than the default of 95% full.</P
-></LI
-></UL
-></P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout -server fs1 fs2 -basename abc.com -host -frequency 5 -attention disk 5000</B
-></SPAN
->
-</PRE
-><P
->The use of optional arguments results in several differences between <A
-HREF="c18360.html#FIGWQ338"
->Figure 3</A
-> and <A
-HREF="c18360.html#FIGWQ337"
->Figure 2</A
->. First, because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-> flag is included, the banner
- line displays the name of the machine running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> process as
- <SAMP
-CLASS="computeroutput"
->[client52]</SAMP
-> along with the basename <SAMP
-CLASS="computeroutput"
->abc.com</SAMP
-> specified with
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument.</P
-><P
->Another difference is that two rather than four of machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs2</B
-></SPAN
->'s partitions appear in
- reverse video, even though their values are almost the same as in <A
-HREF="c18360.html#FIGWQ337"
->Figure 2</A
->. This is because
- the administrator changed the highlight threshold to a 5000 block minimum, as also reflected in the <SAMP
-CLASS="computeroutput"
->Disk
- attn</SAMP
-> column's header. And while machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs2</B
-></SPAN
->'s partitions <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepd</B
-></SPAN
-> are still 95% full, they have more than 5000 free
- blocks left; partitions <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepc</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepe</B
-></SPAN
-> are highlighted
- because they have fewer than 5000 blocks free.</P
-><P
->Note also the result of changing the probe frequency, reflected in the probe reporting line at the bottom left corner of
- the display. Both this example and the previous one represent a time lapse of one minute after the administrator issues the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> command. In this example, however, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program
- has probed the File Server processes 12 times as opposed to once</P
-><DIV
-CLASS="figure"
-><A
-NAME="FIGWQ338"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="scout2.png"></P
-></DIV
-><P
-><B
->Figure 3. Second example scout display</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-><P
->In <A
-HREF="c18360.html#FIGWQ339"
->Figure 4</A
->, an administrator in the State University cell monitors three of that cell's
- file server machines. He uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument to specify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
-> domain name.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout -server server2 server3 server4 -basename stateu.edu</B
-></SPAN
->
-</PRE
-><DIV
-CLASS="figure"
-><A
-NAME="FIGWQ339"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="scout3.png"></P
-></DIV
-><P
-><B
->Figure 4. Third example scout display</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-><P
-><A
-HREF="c18360.html#FIGWQ340"
->Figure 5</A
-> illustrates three of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> program's
- features. First, you can monitor file server machines from different cells in a single display: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server3.stateu.edu</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sv7.def.com</B
-></SPAN
->. Because the machines belong to different cells, it is not possible to provide the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-basename</B
-></SPAN
-> argument.</P
-><P
->Second, it illustrates how the display must truncate machine names that do not fit in the fifth column, using an
- asterisk at the end of the name to show that it is shortened.</P
-><P
->Third, it illustrates what happens when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> process cannot reach a File Server
- process, in this case the one on the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sv7.def.com</B
-></SPAN
->: it highlights the machine name and
- blanks out the values in the other columns.</P
-><DIV
-CLASS="figure"
-><A
-NAME="FIGWQ340"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="scout4.png"></P
-></DIV
-><P
-><B
->Figure 5. Fourth example scout display</B
-></P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ341"
->Using the fstrace Command Suite</A
-></H1
-><P
->This section describes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> commands that system administrators employ to trace
- Cache Manager activity for debugging purposes. It assumes the reader is familiar with the Cache Manager concepts described in
- <A
-HREF="c21473.html"
->Administering Client Machines and the Cache Manager</A
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> command suite monitors the internal activity of the Cache Manager and enables
- you to record, or trace, its operations in detail. The operations, which are termed <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->events</I
-></SPAN
->, comprise the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->event set</I
-></SPAN
->. Examples of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> events are
- fetching files and looking up information for a listing of files and subdirectories using the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command.</P
-><P
->Following are the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> commands and their respective functions: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace apropos</B
-></SPAN
-> command provides a short description of commands.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> command clears the trace log.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-> command dumps the contents of the trace log.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace help</B
-></SPAN
-> command provides a description and syntax for commands.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> command lists information about the trace log.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-> command lists information about the event set.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> command changes the size of the trace log.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command sets the state of the event set.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ342"
->About the fstrace Command Suite</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> command suite replaces and greatly expands the functionality formerly
- provided by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs debug</B
-></SPAN
-> command. Its intended use is to aid in diagnosis of specific Cache
- Manager problems, such as client machine hangs, cache consistency problems, clock synchronization errors, and failures to
- access a volume or AFS file. Therefore, it is best not to keep <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> logging enabled at all
- times, unlike the logging for AFS server processes.</P
-><P
->Most of the messages in the trace log correspond to low-level Cache Manager operations. It is likely that only personnel
- familiar with the AFS source code can interpret them. If you have an AFS source license, you can attempt to interpret the
- trace yourself, or work with the AFS Product Support group to resolve the underlying problems. If you do not have an AFS
- source license, it is probably more efficient to contact the AFS Product Support group immediately in case of problems. They
- can instruct you to activate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> tracing if appropriate.</P
-><P
->The log can grow in size very quickly; this can use valuable disk space if you are writing to a file in the local file
- space. Additionally, if the size of the log becomes too large, it can become difficult to parse the results for pertinent
- information.</P
-><P
->When AFS tracing is enabled, each time a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event occurs, a message is written to the
- trace log, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
->. To diagnose a problem, read the output of the trace log and analyze the
- operations executed by the Cache Manager. The default size of the trace log is 60 KB, but you can increase or decrease
- it.</P
-><P
->To use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> command suite, you must first enable tracing and reserve, or
- allocate, space for the trace log with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command. With this command, you can
- set the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set to one of three states to enable or disable tracing for the event set
- and to allocate or deallocate space for the trace log in the kernel: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->active</SAMP
-></DT
-><DD
-><P
->Enables tracing for the event set and allocates space for the trace log.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->inactive</SAMP
-></DT
-><DD
-><P
->Temporarily disables tracing for the event set; however, the event set continues to allocate space occupied by
- the log to which it sends data.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->dormant</SAMP
-></DT
-><DD
-><P
->Disables tracing for the event set; furthermore, the event set releases the space occupied by the log to which
- it sends data. When the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set that sends data to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> trace log is in this state, the space allocated for that log is freed or
- deallocated.</P
-></DD
-></DL
-></DIV
-></P
-><P
->Both event sets and trace logs can be designated as <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->persistent</I
-></SPAN
->, which prevents accidental resetting
- of an event set's state or clearing of a trace log. The designation is made as the kernel is compiled and cannot be
- changed.</P
-><P
->If an event set such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> is persistent, you can change its state only by including
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command. (That is,
- you cannot change its state along with the state of all other event sets by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace
- setset</B
-></SPAN
-> command with no arguments.) Similarly, if a trace log such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> is
- persistent, you can clear it only by including either the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-log</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> command (you cannot clear it along
- with all other trace logs by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> command with no arguments.)</P
-><P
->When a problem occurs, set the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set to active using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command. When tracing is enabled on a busy AFS client, the volume of events being
- recorded is significant; therefore, when you are diagnosing problems, restrict AFS activity as much as possible to minimize
- the amount of extraneous tracing in the log. Because tracing can have a negative impact on system performance, leave <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> tracing in the dormant state when you are not diagnosing problems.</P
-><P
->If a problem is reproducible, clear the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> trace log with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> command and reproduce the problem. If the problem is not easily reproduced, keep the
- state of the event set active until the problem recurs.</P
-><P
->To view the contents of the trace log and analyze the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> events, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-> command to copy the content lines of the trace log to standard output (stdout) or to a
- file.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If a particular command or process is causing problems, determine its process id (PID). Search the output of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-> command for the PID to find only those lines associated with the
- problem.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ343"
->Requirements for Using the fstrace Command Suite</A
-></H2
-><P
->Except for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace help</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace apropos</B
-></SPAN
->
- commands, which require no privilege, issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> commands requires that the issuer
- be logged in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the local client machine. Before issuing an
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> command, verify that you have the necessary privilege.</P
-><P
->The Cache Manager catalog must be in place so that logging can occur. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
->
- command suite uses the standard UNIX catalog utilities. The default location is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/C/afszcm.cat</B
-></SPAN
->. It can be placed in another directory by placing the file elsewhere and
- using the proper NLSPATH and LANG environment variables.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_379"
->Using fstrace Commands Effectively</A
-></H2
-><P
->To use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> commands most effectively, configure them as indicated: <UL
-><LI
-><P
->Store the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> binary in a local disk directory.</P
-></LI
-><LI
-><P
->When you dump the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> log to a file, direct it to one on the local
- disk.</P
-></LI
-><LI
-><P
->The trace can grow large in just a few minutes. Before attempting to dump the log to a local file, verify that you
- have enough room. Be particularly careful if you are using disk quotas on partitions in the local file system.</P
-></LI
-><LI
-><P
->Attempt to limit Cache Manager activity on the AFS client machine other than the problem operation. This reduces
- the amount of extraneous data in the trace.</P
-></LI
-><LI
-><P
->Activate the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> log for the shortest possibly period of time. If possible
- activate the trace immediately before performing the problem operation, deactivate it as soon as the operation
- completes, and dump the trace log to a file immediately.</P
-></LI
-><LI
-><P
->If possible, obtain UNIX process ID (PID) of the command or program that initiates the problematic operation. This
- enables the person analyzing the trace log to search it for messages associated with the PID.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ344"
->Activating the Trace Log</A
-></H2
-><P
->To start Cache Manager tracing on an AFS client machine, you must first configure <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> kernel trace log using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace
- setlog</B
-></SPAN
-> command</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
->
- command</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> command sets the size of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
->
- kernel trace log in kilobytes. The trace log occupies 60 kilobytes of kernel by default. If the trace log already exists, it
- is cleared when this command is issued and a new log of the given size is created. Otherwise, a new log of the desired size is
- created.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command sets the state of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
->
- kernel event set. The state of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set determines whether information on the events
- in that event set is logged.</P
-><P
->After establishing kernel tracing on the AFS client machine, you can check the state of the event set and the size of
- the kernel buffer allocated for the trace log. To display information about the state of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-> command. To display information
- about the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> trace log, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> command. See
- the instructions in <A
-HREF="c18360.html#HDRWQ346"
->Displaying the State of a Trace Log or Event Set</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_381"
->To configure the trace log</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> command to set the size of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> kernel trace log. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-log</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->log_name</VAR
->>+] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-buffersize</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->1-kilobyte_units</VAR
->>
-</PRE
-></P
-></LI
-></OL
-><P
->The following example sets the size of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> trace log to 80 KB.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog cmfx 80</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ345"
->To set the event set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command to set the state of event sets. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set_name</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-active</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-inactive</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dormant</B
-></SPAN
->]
-</PRE
-></P
-></LI
-></OL
-><P
->The following example activates the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset cm -active</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ346"
->Displaying the State of a Trace Log or Event Set</A
-></H2
-><P
->An event set must be in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->active state</I
-></SPAN
-> to be included in the trace log. To display an event set's
- state, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-> command. To set its state, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command as described in <A
-HREF="c18360.html#HDRWQ345"
->To set the event set</A
->.</P
-><P
->To display size and allocation information for the trace log, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace
- lslog</B
-></SPAN
->command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> argument.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_384"
->To display the state of an event set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-> command to display the available event set and its state.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set_name</VAR
->>+]
-</PRE
-></P
-></LI
-></OL
-><P
->The following example displays the event set and its state on the local machine.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset cm</B
-></SPAN
->
- Available sets:
- cm active
-</PRE
-><P
->The output from this command lists the event set and its states. The three event states for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set are: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->active</B
-></SPAN
-></DT
-><DD
-><P
->Tracing is enabled.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->inactive</B
-></SPAN
-></DT
-><DD
-><P
->Tracing is disabled, but space is still allocated for the corresponding trace log (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
->).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dormant</B
-></SPAN
-></DT
-><DD
-><P
->Tracing is disabled, and space is no longer allocated for the corresponding trace log (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
->).Disables tracing for the event set.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_385"
->To display the log size</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> command to display information about the kernel trace log.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set_name</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-log</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->log_name</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
->]
-</PRE
-></P
-></LI
-></OL
-><P
->The following example uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag to display additional information about the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> trace log.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog cmfx -long</B
-></SPAN
->
- Available logs:
- cmfx : 60 kbytes (allocated)
-</PRE
-><P
->The output from this command lists information on the trace log. When issued without the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> command lists only the name of the log.
- When issued with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> command
- lists the log, the size of the log in kilobytes, and the allocation state of the log.</P
-><P
->There are two allocation states for the kernel trace log: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->allocated</SAMP
-></DT
-><DD
-><P
->Space is reserved for the log in the kernel. This indicates that the event set that writes to this log is either
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->active</I
-></SPAN
-> (tracing is enabled for the event set) or <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->inactive</I
-></SPAN
-> (tracing is
- temporarily disabled for the event set); however, the event set continues to reserve space occupied by the log to
- which it sends data.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->unallocated</SAMP
-></DT
-><DD
-><P
->Space is not reserved for the log in the kernel. This indicates that the event set that writes to this log is
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dormant</I
-></SPAN
-> (tracing is disabled for the event set); furthermore, the event set releases the space
- occupied by the log to which it sends data.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ347"
->Dumping and Clearing the Trace Log</A
-></H2
-><P
->After the Cache Manager operation you want to trace is complete, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
->
- command to dump the trace log to the standard output stream or to the file named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
->
- argument. Or, to dump the trace log continuously, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-follow</B
-></SPAN
-> argument (combine it with
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument if desired). To halt continuous dumping, press an interrupt signal such as
- <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->>.</P
-><P
->To clear a trace log when you no longer need the data in it, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
->
- command. (The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> command also clears an existing trace log automatically when you
- use it to change the log's size.)</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_387"
->To dump the contents of a trace log</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-> command to dump trace logs. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set_name</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-follow</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->log_name</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->output_filename</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sleep</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->seconds_between_reads</VAR
->>]
-</PRE
-></P
-></LI
-></OL
-><P
->At the beginning of the output of each dump is a header specifying the date and time at which the dump began. The number
- of logs being dumped is also displayed if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-follow</B
-></SPAN
-> argument is not specified. The header
- appears as follows:</P
-><PRE
-CLASS="programlisting"
-> AFS Trace Dump --
- Date: date time
- Found n logs.
-</PRE
-><P
->where <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->date</I
-></SPAN
-> is the starting date of the trace log dump, <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->time</I
-></SPAN
-> is the starting
- time of the trace log dump, and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->n</I
-></SPAN
-> specifies the number of logs found by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace
- dump</B
-></SPAN
-> command.</P
-><P
->The following is an example of trace log dump header:</P
-><PRE
-CLASS="programlisting"
-> AFS Trace Dump --
- Date: Fri Apr 16 10:44:38 1999
- Found 1 logs.
-</PRE
-><P
->The contents of the log follow the header and are comprised of messages written to the log from an active event set. The
- messages written to the log contain the following three components: <UL
-><LI
-><P
->The timestamp associated with the message (number of seconds from an arbitrary start point)</P
-></LI
-><LI
-><P
->The process ID or thread ID associated with the message</P
-></LI
-><LI
-><P
->The message itself</P
-></LI
-></UL
-></P
-><P
->A trace log message is formatted as follows:</P
-><PRE
-CLASS="programlisting"
-> time timestamp, pid pid:event message
-</PRE
-><P
->where <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->timestamp</I
-></SPAN
-> is the number of seconds from an arbitrary start point, <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->pid</I
-></SPAN
-> is
- the process ID number of the Cache Manager event, and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->event message</I
-></SPAN
-> is the Cache Manager event which
- corresponds with a function in the AFS source code.</P
-><P
->The following is an example of a dumped trace log message:</P
-><PRE
-CLASS="programlisting"
-> time 749.641274, pid 3002:Returning code 2 from 19
-</PRE
-><P
->For the messages in the trace log to be most readable, the Cache Manager catalog file needs to be installed on the local
- disk of the client machine; the conventional location is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/C/afszcm.cat</B
-></SPAN
->. Log
- messages that begin with the string <SAMP
-CLASS="computeroutput"
->raw op</SAMP
->, like the following, indicate that the catalog is
- not installed.</P
-><PRE
-CLASS="programlisting"
-> raw op 232c, time 511.916288, pid 0
- p0:Fri Apr 16 10:36:31 1999
-</PRE
-><P
->Every 1024 seconds, a current time message is written to each log. This message has the following format:</P
-><PRE
-CLASS="programlisting"
-> time timestamp, pid pid: Current time: unix_time
-</PRE
-><P
->where timestamp is the number of seconds from an arbitrary start point, pid is the process ID number, and unix_time is
- the standard time format since January 1, 1970.</P
-><P
->The current time message can be used to determine the actual time associated with each log message. Determine the actual
- time as follows: <OL
-TYPE="1"
-><LI
-><P
->Locate the log message whose actual time you want to determine.</P
-></LI
-><LI
-><P
->Search backward through the dump record until you come to a current time message.</P
-></LI
-><LI
-><P
->If the current time message's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->timestamp</I
-></SPAN
-> is smaller than the log message's
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->timestamp</I
-></SPAN
->, subtract the former from the latter. If the current time message's
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->timestamp</I
-></SPAN
-> is larger than the log message's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->timestamp</I
-></SPAN
->, add 1024 to the latter
- and subtract the former from the result.</P
-></LI
-><LI
-><P
->Add the resulting number to the current time message's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->unix_time</I
-></SPAN
-> to determine the log
- message's actual time.</P
-></LI
-></OL
-></P
-><P
->Because log data is stored in a finite, circular buffer, some of the data can be overwritten before being read. If this
- happens, the following message appears at the appropriate place in the dump:</P
-><PRE
-CLASS="programlisting"
-> Log wrapped; data missing.
-</PRE
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If this message appears in the middle of a dump, which can happen under a heavy work load, it indicates that not all
- of the log data is being written to the log or some data is being overwritten. Increasing the size of the log with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> command can alleviate this problem.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_388"
->To clear the contents of a trace log</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> command to clear logs by log name or by event set.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-set</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set_name</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-log</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->log_name</VAR
->>+]
-</PRE
-></P
-></LI
-></OL
-><P
->The following example clears the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> log used by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set on the local machine.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear cm</B
-></SPAN
->
-</PRE
-><P
->The following example also clears the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx</B
-></SPAN
-> log on the local machine.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear cmfx</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ348"
->Examples of fstrace Commands</A
-></H2
-><P
->This section contains an extensive example of the use of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> command suite,
- which is useful for gathering a detailed trace of Cache Manager activity when you are working with AFS Product Support to
- diagnose a problem. The Product Support representative can guide you in choosing appropriate parameter settings for the
- trace.</P
-><P
->Before starting the kernel trace log, try to isolate the Cache Manager on the AFS client machine that is experiencing
- the problem accessing the file. If necessary, instruct users to move to another machine so as to minimize the Cache Manager
- activity on this machine. To minimize the amount of unrelated AFS activity recorded in the trace log, place both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> binary and the dump file must reside on the local disk, not in AFS. You must be logged in as
- the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> to issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> commands.</P
-><P
->Before starting a kernel trace, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset</B
-></SPAN
-> command to check the state of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lsset cm</B
-></SPAN
->
-</PRE
-><P
->If tracing has not been enabled previously or if tracing has been turned off on the client machine, the following output
- is displayed:</P
-><PRE
-CLASS="programlisting"
-> Available sets:
- cm inactive
-</PRE
-><P
->If tracing has been turned off and kernel memory is not allocated for the trace log on the client machine, the following
- output is displayed:</P
-><PRE
-CLASS="programlisting"
-> Available sets:
- cm inactive (dormant)
-</PRE
-><P
->If the current state of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set is <SAMP
-CLASS="computeroutput"
->inactive</SAMP
->
- or <SAMP
-CLASS="computeroutput"
->inactive (dormant)</SAMP
->, turn on kernel tracing by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace
- setset</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-active</B
-></SPAN
-> flag.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset cm -active</B
-></SPAN
->
-</PRE
-><P
->If tracing is enabled currently on the client machine, the following output is displayed:</P
-><PRE
-CLASS="programlisting"
-> Available sets:
- cm active
-</PRE
-><P
->If tracing is enabled currently, you do not need to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setset</B
-></SPAN
-> command. Do
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear</B
-></SPAN
-> command to clear the contents of any existing trace log, removing
- prior traces that are not related to the current problem.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace clear cm</B
-></SPAN
->
-</PRE
-><P
->After checking on the state of the event set, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog</B
-></SPAN
-> command with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag to check the current state and size of the kernel trace log .</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace lslog cmfx -long</B
-></SPAN
->
-</PRE
-><P
->If tracing has not been enabled previously or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> event set was set to
- <SAMP
-CLASS="computeroutput"
->active</SAMP
-> or <SAMP
-CLASS="computeroutput"
->inactive</SAMP
-> previously, output similar to the
- following is displayed:</P
-><PRE
-CLASS="programlisting"
-> Available logs:
- cmfx : 60 kbytes (allocated)
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> tracing utility allocates 60 kilobytes of memory to the trace log by
- default. You can increase or decrease the amount of memory allocated to the kernel trace log by setting it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog</B
-></SPAN
-> command. The number specified with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-buffersize</B
-></SPAN
->
- argument represents the number of kilobytes allocated to the kernel trace log. If you increase the size of the kernel trace
- log to 100 kilobytes, issue the following command.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace setlog cmfx</B
-></SPAN
-> 100
-</PRE
-><P
->After ensuring that the kernel trace log is configured for your needs, you can set up a file into which you can dump the
- kernel trace log. For example, create a dump file with the name <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cmfx.dump.file.1</B
-></SPAN
-> using the
- following <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump</B
-></SPAN
-> command. Issue the command as a continuous process by adding the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-follow</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sleep</B
-></SPAN
-> arguments. Setting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sleep</B
-></SPAN
-> argument to <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->10</I
-></SPAN
-> dumps output from the kernel trace log to the file every 10
- seconds.</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace dump -follow</B
-></SPAN
-> cmfx <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> cmfx.dump.file.1 <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sleep</B
-></SPAN
-> 10
- AFS Trace Dump -
- Date: Fri Apr 16 10:54:57 1999
- Found 1 logs.
- time 32.965783, pid 0: Fri Apr 16 10:45:52 1999
- time 32.965783, pid 33657: Close 0x5c39ed8 flags 0x20
- time 32.965897, pid 33657: Gn_close vp 0x5c39ed8 flags 0x20 (returns
- 0x0)
- time 35.159854, pid 10891: Breaking callback for 5bd95e4 states 1024
- (volume 0)
- time 35.407081, pid 10891: Breaking callback for 5c0fadc states 1024
- (volume 0)
- . .
- . .
- . .
- time 71.440456, pid 33658: Lookup adp 0x5bbdcf0 name g3oCKs fid (756
- 4fb7e:588d240.2ff978a8.6)
- time 71.440569, pid 33658: Returning code 2 from 19
- time 71.440619, pid 33658: Gn_lookup vp 0x5bbdcf0 name g3oCKs (returns
- 0x2)
- time 71.464989, pid 38267: Gn_open vp 0x5bbd000 flags 0x0 (returns 0x
- 0)
- AFS Trace Dump - Completed
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ349"
->Using the afsmonitor Program</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program enables you to monitor the status and performance of specified
- File Server and Cache Manager processes by gathering statistical information. Among its other uses, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program can be used to fine-tune Cache Manager configuration and load balance File
- Servers.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program enables you to perform the following tasks. <UL
-><LI
-><P
->Monitor any number of File Server and Cache Manager processes on any number of machines (in both local and foreign
- cells) from a single location.</P
-></LI
-><LI
-><P
->Set threshold values for any monitored statistic. When the value of a statistic exceeds the threshold, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program highlights it to draw your attention. You can set threshold levels that apply to
- every machine or only some.</P
-></LI
-><LI
-><P
->Invoke programs or scripts automatically when a statistic exceeds its threshold.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ350"
->Requirements for running the afsmonitor program</A
-></H2
-><P
->The following software must be accessible to a machine where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program is
- running: <UL
-><LI
-><P
->The AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
-> libraries, which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
->
- program uses to gather data</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curses</B
-></SPAN
-> graphics package, which most UNIX distributions provide as a standard
- utility</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> screens format successfully both on so-called dumb terminals and in
- windowing systems that emulate terminals. For the output to looks its best, the display environment needs to support reverse
- video and cursor addressing. Set the TERM environment variable to the correct terminal type, or to a value that has
- characteristics similar to the actual terminal type. The display window or terminal must be at least 80 columns wide and 12
- lines long.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program must run in the foreground, and in its own separate, dedicated
- window or terminal. The window or terminal is unavailable for any other activity as long as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program is running. Any number of instances of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program can run on a single machine, as long as each instance runs in its own dedicated
- window or terminal. Note that it can take up to three minutes to start an additional instance.</P
-><P
->No privilege is required to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program. By convention, it is installed
- in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/bin</B
-></SPAN
-> directory, and anyone who can access the directory can monitor File
- Servers and Cache Managers. The probes through which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program collects
- statistics do not constitute a significant burden on the File Server or Cache Manager unless hundreds of people are running
- the program. If you wish to restrict its use, place the binary file in a directory available only to authorized users.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_392"
->The afsmonitor Output Screens</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program displays its data on three screens: <UL
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->System Overview</SAMP
->: This screen appears automatically when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program initializes. It summarizes separately for File Servers and Cache Managers the
- number of machines being monitored and how many of them have <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->alerts</I
-></SPAN
-> (statistics that have exceeded
- their thresholds). It then lists the hostname and number of alerts for each machine being monitored, indicating if
- appropriate that a process failed to respond to the last probe.</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->File Server</SAMP
->: This screen displays File Server statistics for each file server
- machine being monitored. It highlights statistics that have exceeded their thresholds, and identifies machines that
- failed to respond to the last probe.</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
->: This screen displays Cache Manager statistics for each client
- machine being monitored. It highlights statistics that have exceeded their thresholds, and identifies machines that
- failed to respond to the last probe.</P
-></LI
-></UL
-></P
-><P
->Fields at the corners of every screen display the following information: <UL
-><LI
-><P
->In the top left corner, the program name and version number.</P
-></LI
-><LI
-><P
->In the top right corner, the screen name, current and total page numbers, and current and total column numbers.
- The page number (for example, <SAMP
-CLASS="computeroutput"
->p. 1 of 3</SAMP
->) indicates the index of the current page and
- the total number of (vertical) pages over which data is displayed. The column number (for example, <SAMP
-CLASS="computeroutput"
->c. 1
- of 235</SAMP
->) indicates the index of the current leftmost column and the total number of columns in which
- data appears. (The symbol <SAMP
-CLASS="computeroutput"
->>>></SAMP
-> indicates that there is additional data to the
- right; the symbol <SAMP
-CLASS="computeroutput"
-><<<</SAMP
-> indicates that there is additional data to the
- left.)</P
-></LI
-><LI
-><P
->In the bottom left corner, a list of the available commands. Enter the first letter in the command name to run
- that command. Only the currently possible options appear; for example, if there is only one page of data, the
- <SAMP
-CLASS="computeroutput"
->next</SAMP
-> and <SAMP
-CLASS="computeroutput"
->prev</SAMP
-> commands, which scroll the screen up and
- down respectively, do not appear. For descriptions of the commands, see the following section about navigating the
- display screens.</P
-></LI
-><LI
-><P
->In the bottom right corner, the <SAMP
-CLASS="computeroutput"
->probes</SAMP
-> field reports how many times the program
- has probed File Servers (<SAMP
-CLASS="computeroutput"
->fs</SAMP
->), Cache Managers (<SAMP
-CLASS="computeroutput"
->cm</SAMP
->), or
- both. The counts for File Servers and Cache Managers can differ. The <SAMP
-CLASS="computeroutput"
->freq</SAMP
-> field reports
- how often the program sends probes.</P
-></LI
-></UL
-></P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Navigating the afsmonitor Display Screens</B
-></SPAN
-></P
-><P
->As noted, the lower left hand corner of every display screen displays the names of the commands currently available for
- moving to alternate screens, which can either be a different type or display more statistics or machines of the current type.
- To execute a command, press the lowercase version of the first letter in its name. Some commands also have an uppercase
- version that has a somewhat different effect, as indicated in the following list. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->cm</SAMP
-></DT
-><DD
-><P
->Switches to the <SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
-> screen. Available only on the
- <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> and <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screens.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->fs</SAMP
-></DT
-><DD
-><P
->Switches to the <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screen. Available only on the
- <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> and the <SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
->
- screens.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->left</SAMP
-></DT
-><DD
-><P
->Scrolls horizontally to the left, to access the data columns situated to the left of the current set. Available
- when the <SAMP
-CLASS="computeroutput"
-><<<</SAMP
-> symbol appears at the top left of the screen. Press uppercase
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> to scroll horizontally all the way to the left (to display the first set of data
- columns).</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->next</SAMP
-></DT
-><DD
-><P
->Scrolls down vertically to the next page of machine names. Available when there are two or more pages of
- machines and the final page is not currently displayed. Press uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->N</B
-></SPAN
-> to scroll
- to the final page.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->oview</SAMP
-></DT
-><DD
-><P
->Switches to the <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> screen. Available only on the
- <SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
-> and <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screens.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->prev</SAMP
-></DT
-><DD
-><P
->Scrolls up vertically to the previous page of machine names. Available when there are two or more pages of
- machines and the first page is not currently displayed. Press uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->N</B
-></SPAN
-> to scroll
- to the first page.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->right</SAMP
-></DT
-><DD
-><P
->Scrolls horizontally to the right, to access the data columns situated to the right of the current set. This
- command is available when the <SAMP
-CLASS="computeroutput"
->>>></SAMP
-> symbol appears at the upper right of the
- screen. Press uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->R</B
-></SPAN
-> to scroll horizontally all the way to the right (to display
- the final set of data columns).</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_393"
->The System Overview Screen</A
-></H2
-><P
->The <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> screen appears automatically as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program initializes. This screen displays the status of as many File Server and Cache
- Manager processes as can fit in the current window; scroll down to access additional information.</P
-><P
->The information on this screen is split into File Server information on the left and Cache Manager information on the
- right. The header for each grouping reports two pieces of information: <UL
-><LI
-><P
->The number of machines on which the program is monitoring the indicated process</P
-></LI
-><LI
-><P
->The number of alerts and the number of machines affected by them (an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->alert</I
-></SPAN
-> means that a
- statistic has exceeded its threshold or a process failed to respond to the last probe)</P
-></LI
-></UL
-></P
-><P
->A list of the machines being monitored follows. If there are any alerts on a machine, the number of them appears in
- square brackets to the left of the hostname. If a process failed to respond to the last probe, the letters
- <SAMP
-CLASS="computeroutput"
->PF</SAMP
-> (probe failure) appear in square brackets to the left of the hostname.</P
-><P
->The following graphic is an example <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> screen. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program is monitoring six File Servers and seven Cache Managers. The File Server process on
- host <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
-> and the Cache Manager on host <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cli33.abc.com</B
-></SPAN
->
- are each marked <SAMP
-CLASS="computeroutput"
->[ 1]</SAMP
-> to indicate that one threshold value is exceeded. The
- <SAMP
-CLASS="computeroutput"
->[PF]</SAMP
-> marker on host <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs6.abc.com</B
-></SPAN
-> indicates that its File
- Server process did not respond to the last probe.</P
-><DIV
-CLASS="figure"
-><A
-NAME="Figure_6"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="overview.png"></P
-></DIV
-><P
-><B
->Figure 6. The afsmonitor System Overview Screen</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_394"
->The File Servers Screen</A
-></H2
-><P
->The <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screen displays the values collected at the most recent probe for File
- Server statistics.</P
-><P
->A summary line at the top of the screen (just below the standard program version and screen title blocks) specifies the
- number of monitored File Servers, the number of alerts, and the number of machines affected by the alerts.</P
-><P
->The first column always displays the hostnames of the machines running the monitored File Servers.</P
-><P
->To the right of the hostname column appear as many columns of statistics as can fit within the current width of the
- display screen or window; each column requires space for 10 characters. The name of the statistic appears at the top of each
- column. If the File Server on a machine did not respond to the most recent probe, a pair of dashes
- (<SAMP
-CLASS="computeroutput"
->--</SAMP
->) appears in each column. If a value exceeds its configured threshold, it is highlighted
- in reverse video. If a value is too large to fit into the allotted column width, it overflows into the next row in the same
- column.</P
-><P
->For a list of the available File Server statistics, see <A
-HREF="a34149.html"
->Appendix C, The afsmonitor Program
- Statistics</A
->.</P
-><P
->The following graphic depicts the <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screen that follows the System Overview
- Screen example previously discussed; however, one additional server probe has been completed. In this example, the File Server
- process on <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1</B
-></SPAN
-> has exceeded the configured threshold for the number of performance calls
- received (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->numPerfCalls</B
-></SPAN
-> statistic), and that field appears in reverse video. Host
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs6</B
-></SPAN
-> did not respond to Probe 10, so dashes appear in all fields.</P
-><DIV
-CLASS="figure"
-><A
-NAME="Figure_7"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="fserver1.png"></P
-></DIV
-><P
-><B
->Figure 7. The afsmonitor File Servers Screen</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-><P
->Both the File Servers and Cache Managers screen (discussed in the following section) can display hundreds of columns of
- data and are therefore designed to scroll left and right. In the preceding graphic, the screen displays the leftmost screen
- and the screen title block shows that column 1 of 235 is displayed. The appearance of the
- <SAMP
-CLASS="computeroutput"
->>>></SAMP
-> symbol in the upper right hand corner of the screen and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->right</B
-></SPAN
-> command in the command block indicate that additional data is available by scrolling right. (For
- information on the available statistics, see <A
-HREF="a34149.html"
->Appendix C, The afsmonitor Program
- Statistics</A
->.)</P
-><P
->If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->right</B
-></SPAN
-> command is executed, the screen looks something like the following
- example. Note that the horizontal scroll symbols now point both to the left (<SAMP
-CLASS="computeroutput"
-><<<</SAMP
->)
- and to the right (<SAMP
-CLASS="computeroutput"
->>>></SAMP
->) and both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->left</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->right</B
-></SPAN
-> commands appear, indicating that additional data is available by scrolling both left
- and right.</P
-><DIV
-CLASS="figure"
-><A
-NAME="Figure_8"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="fserver2.png"></P
-></DIV
-><P
-><B
->Figure 8. The afsmonitor File Servers Screen Shifted One Page to the Right</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_395"
->The Cache Managers Screen</A
-></H2
-><P
->The <SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
-> screen displays the values collected at the most recent probe for
- Cache Manager statistics.</P
-><P
->A summary line at the top of the screen (just below the standard program version and screen title blocks) specifies the
- number of monitored Cache Managers, the number of alerts, and the number of machines affected by the alerts.</P
-><P
->The first column always displays the hostnames of the machines running the monitored Cache Managers.</P
-><P
->To the right of the hostname column appear as many columns of statistics as can fit within the current width of the
- display screen or window; each column requires space for 10 characters. The name of the statistic appears at the top of each
- column. If the Cache Manager on a machine did not respond to the most recent probe, a pair of dashes
- (<SAMP
-CLASS="computeroutput"
->--</SAMP
->) appears in each column. If a value exceeds its configured threshold, it is highlighted
- in reverse video. If a value is too large to fit into the allotted column width, it overflows into the next row in the same
- column.</P
-><P
->For a list of the available Cache Manager statistics, see <A
-HREF="a34149.html"
->Appendix C, The afsmonitor Program
- Statistics</A
->.</P
-><P
->The following graphic depicts a Cache Managers screen that follows the System Overview Screen previously discussed. In
- the example, the Cache Manager process on host <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cli33</B
-></SPAN
-> has exceeded the configured threshold
- for the number of cells it can contact (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->numCellsContacted</B
-></SPAN
-> statistic), so that field
- appears in reverse video.</P
-><DIV
-CLASS="figure"
-><A
-NAME="Figure_9"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="cachmgr.png"></P
-></DIV
-><P
-><B
->Figure 9. The afsmonitor Cache Managers Screen</B
-></P
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-> </B
-></SPAN
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ351"
->Configuring the afsmonitor Program</A
-></H1
-><P
->To customize the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program, create an ASCII-format configuration file and use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-> argument to name it. You can specify the following in the configuration file:
- <UL
-><LI
-><P
->The File Servers, Cache Managers, or both to monitor.</P
-></LI
-><LI
-><P
->The statistics to display. By default, the display includes 271 statistics for File Servers and 570 statistics for
- Cache Managers. For information on the available statistics, see <A
-HREF="a34149.html"
->Appendix C, The afsmonitor
- Program Statistics</A
->.</P
-></LI
-><LI
-><P
->The threshold values to set for statistics and a script or program to execute if a threshold is exceeded. By
- default, no threshold values are defined and no scripts or programs are executed.</P
-></LI
-></UL
-></P
-><P
->The following list describes the instructions that can appear in the configuration file: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->cm</SAMP
-> <VAR
-CLASS="replaceable"
->hostname</VAR
-></DT
-><DD
-><P
->Names a client machine for which to display Cache Manager statistics. The order of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> lines in the file determines the order in which client machines appear from top to bottom on
- the <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> and <SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
-> output
- screens.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->fs</SAMP
-> <VAR
-CLASS="replaceable"
->hostname</VAR
-></DT
-><DD
-><P
->Names a file server machine for which to display File Server statistics. The order of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> lines in the file determines the order in which file server machines appear from top to bottom
- on the <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> and <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> output
- screens.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->thresh fs | cm <VAR
-CLASS="replaceable"
->field_name</VAR
-> <VAR
-CLASS="replaceable"
->thresh_val</VAR
->
- [<VAR
-CLASS="replaceable"
->cmd_to_run</VAR
->] [<VAR
-CLASS="replaceable"
->arg1</VAR
->] . . .
- [<VAR
-CLASS="replaceable"
->argn</VAR
->]</SAMP
-></DT
-><DD
-><P
->Assigns the threshold value thresh_val to the statistic field_name, for either a File Server statistic (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->) or a Cache Manager statistic (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
->). The optional
- cmd_to_execute field names a binary or script to execute each time the value of the statistic changes from being below
- thresh_val to being at or above thresh_val. A change between two values that both exceed thresh_val does not retrigger
- the binary or script. The optional arg1 through argn fields are additional values that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program passes as arguments to the cmd_to_execute command. If any of them include one
- or more spaces, enclose the entire field in double quotes.</P
-><P
->The parameters <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
->, field_name,
- threshold_val, and arg1 through argn correspond to the values with the same name on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh</B
-></SPAN
-> line. The host_name parameter identifies the file server or client machine where the
- statistic has crossed the threshold, and the actual_val parameter is the actual value of field_name that equals or
- exceeds the threshold value.</P
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh</B
-></SPAN
-> line to set either a global threshold, which applies to all file
- server machines listed on <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> lines or client machines listed on <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> lines in the configuration file, or a machine-specific threshold, which applies to only one
- file server or client machine. <UL
-><LI
-><P
->To set a global threshold, place the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh</B
-></SPAN
-> line before any of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> lines in the file.</P
-></LI
-><LI
-><P
->To set a machine-specific threshold, place the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh</B
-></SPAN
-> line below the
- corresponding <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> line, and above any other
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> lines. A machine-specific threshold
- value always overrides the corresponding global threshold, if set. Do not place a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh
- fs</B
-></SPAN
-> line directly after a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> line or a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh
- cm</B
-></SPAN
-> line directly after a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> line.</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->show fs | cm <VAR
-CLASS="replaceable"
->field/group/section</VAR
-></SAMP
-></DT
-><DD
-><P
->Specifies which individual statistic, group of statistics, or section of statistics to display on the
- <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->) or <SAMP
-CLASS="computeroutput"
->Cache
- Managers</SAMP
-> screen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
->) and the order in which to display them. The
- appendix of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> statistics in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration
- Guide</I
-></SPAN
-> specifies the group and section to which each statistic belongs. Include as many <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show</B
-></SPAN
-> lines as necessary to customize the screen display as desired, and place them anywhere in
- the file. The top-to-bottom order of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show</B
-></SPAN
-> lines in the configuration file
- determines the left-to-right order in which the statistics appear on the corresponding screen.</P
-><P
->If there are no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show</B
-></SPAN
-> lines in the configuration file, then the screens display
- all statistics for both Cache Managers and File Servers. Similarly, if there are no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show
- fs</B
-></SPAN
-> lines, the <SAMP
-CLASS="computeroutput"
->File Servers</SAMP
-> screen displays all file server statistics, and
- if there are no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show cm</B
-></SPAN
-> lines, the <SAMP
-CLASS="computeroutput"
->Cache Managers</SAMP
->
- screen displays all client statistics.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-># comments</B
-></SPAN
-></DT
-><DD
-><P
->Precedes a line of text that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program ignores because of the
- initial number (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->#</B
-></SPAN
->) sign, which must appear in the very first column of the line.</P
-></DD
-></DL
-></DIV
-></P
-><P
->For a list of the values that can appear in the field/group/section field of a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show</B
-></SPAN
->
- instruction, see <A
-HREF="a34149.html"
->Appendix C, The afsmonitor Program Statistics</A
->.)</P
-><P
->The following example illustrates a possible configuration file:</P
-><PRE
-CLASS="programlisting"
-> thresh cm dlocalAccesses 1000000
- thresh cm dremoteAccesses 500000 handleDRemote
- thresh fs rx_maxRtt_Usec 1000
- cm client5
- cm client33
- cm client14
- thresh cm dlocalAccesses 2000000
- thresh cm vcacheMisses 10000
- cm client2
- fs fs3
- fs fs9
- fs fs5
- fs fs10
- show cm numCellsContacted
- show cm dlocalAccesses
- show cm dremoteAccesses
- show cm vcacheMisses
- show cm Auth_Stats_group
-</PRE
-><P
->Since the first three <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thresh</B
-></SPAN
-> instructions appear before any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> instructions, they set global threshold values: <UL
-><LI
-><P
->All Cache Manager process in this file use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1000000</B
-></SPAN
-> as the threshold for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dlocalAccesses</B
-></SPAN
-> statistic (except for the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client2</B
-></SPAN
->
- which uses an overriding value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2000000</B
-></SPAN
->.)</P
-></LI
-><LI
-><P
->All Cache Manager processes in this file use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->500000</B
-></SPAN
-> as the threshold value for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dremoteAccesses</B
-></SPAN
-> statistic; if that value is exceeded, the script <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->handleDRemote</B
-></SPAN
-> is invoked.</P
-></LI
-><LI
-><P
->All File Server processes in this file use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1000</B
-></SPAN
-> as the threshold value for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rx_maxRtt_Usec</B
-></SPAN
-> statistic.</P
-></LI
-></UL
-></P
-><P
->The four <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cm</B
-></SPAN
-> instructions monitor the Cache Manager on the machines <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client5</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client33</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client14</B
-></SPAN
->, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client2</B
-></SPAN
->. The first three use all of the global threshold values.</P
-><P
->The Cache Manager on <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client2</B
-></SPAN
-> uses the global threshold value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dremoteAccesses</B
-></SPAN
-> statistic, but a different one for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dlocalAccesses</B
-></SPAN
->
- statistic. Furthermore, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->client22</B
-></SPAN
-> is the only Cache Manager that uses the threshold set for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vcacheMisses</B
-></SPAN
-> statistic.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> instructions monitor the File Server on the machines <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs3</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs9</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs5</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs10</B
-></SPAN
->. They all use the global threshold for the<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rx_maxRtt_Usec</B
-></SPAN
->
- statistic.</P
-><P
->Because there are no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show fs</B
-></SPAN
-> instructions, the File Servers screen displays all File
- Server statistics. The Cache Managers screen displays only the statistics named in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->show cm</B
-></SPAN
->
- instructions, ordering them from left to right. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Auth_Stats_group</B
-></SPAN
-> includes several
- statistics, all of which are displayed (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curr_PAGs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curr_Records</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curr_AuthRecords</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curr_UnauthRecords</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curr_MaxRecordsInPAG</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->curr_LongestChain</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->PAGCreations</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->TicketUpdates</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->HWM_PAGS</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->HWM_Records</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->HWM_MaxRecordsInPAG</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->HWM_LongestChain</B
-></SPAN
->).</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ352"
->Writing afsmonitor Statistics to a File</A
-></H1
-><P
->All of the statistical information collected and displayed by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program can
- be preserved by writing it to an output file. You can create an output file by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-output</B
-></SPAN
-> argument when you startup the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> process. You can use
- the output file to track process performance over long periods of time and to apply post-processing techniques to further
- analyze system trends.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program output file is a simple ASCII file that records the information
- reported by the File Server and Cache Manager screens. The output file has the following format:</P
-><PRE
-CLASS="programlisting"
-> time host_name <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CM</B
-></SPAN
->|<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FS</B
-></SPAN
-> list_of_measured_values
-</PRE
-><P
->and specifies the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->time</I
-></SPAN
-> at which the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->list_of_measured_values</I
-></SPAN
-> were gathered from
- the Cache Manager (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CM</B
-></SPAN
->) or File Server (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FS</B
-></SPAN
->) process housed on
- host_name. On those occasion where probes fail, the value <SAMP
-CLASS="computeroutput"
->-1</SAMP
-> is reported instead of the
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->list_of_measured_values</I
-></SPAN
->.</P
-><P
->This file format provides several advantages: <UL
-><LI
-><P
->It can be viewed using a standard editor. If you intend to view this file frequently, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-detailed</B
-></SPAN
-> flag with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-output</B
-></SPAN
-> argument. It formats the output
- file in a way that is easier to read.</P
-></LI
-><LI
-><P
->It can be passed through filters to extract desired information using the standard set of UNIX tools.</P
-></LI
-><LI
-><P
->It is suitable for long term storage of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program output.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_398"
->To start the afsmonitor Program</A
-></H1
-><OL
-TYPE="1"
-><LI
-><P
->Open a separate command shell window or use a dedicated terminal for each instance of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program. This window or terminal must be devoted to the exclusive use of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> process because the command cannot be run in the background.</P
-></LI
-><LI
-><P
->Initialize the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program. The message <SAMP
-CLASS="computeroutput"
->afsmonitor Collecting
- Statistics...</SAMP
->, followed by the appearance of the <SAMP
-CLASS="computeroutput"
->System Overview</SAMP
-> screen,
- confirms a successful start. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->configuration file</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->poll frequency, in seconds</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-output</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->storage file name</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-detailed</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->turn debugging output on to the named file</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fshosts</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->list of file servers to monitor</VAR
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmhosts</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->list of cache managers to monitor</VAR
->>+]
- afsmonitor Collecting Statistics...
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
-></DT
-><DD
-><P
->Is an optional string that accommodates the command's use of the AFS command parser. It can be omitted and
- ignored.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> configuration file, which lists the
- machines and statistics to monitor. Partial pathnames are interpreted relative to the current working directory.
- Provide either this argument or one or both of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fshosts</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmhosts</B
-></SPAN
-> arguments. You must use a configuration file to set thresholds or customize the
- screen display. For instructions on creating the configuration file, see <A
-HREF="c18360.html#HDRWQ351"
->Configuring the
- afsmonitor Program</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-></DT
-><DD
-><P
->Specifies how often to probe the File Server and Cache Manager processes, as a number of seconds. Acceptable
- values range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->86400</B
-></SPAN
->; the default value
- is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->60</B
-></SPAN
->. This frequency applies to both File Server and Cache Manager probes;
- however, File Server and Cache Manager probes are initiated and processed independent of each other. The actual
- interval between probes to a host is the probe frequency plus the time needed by all hosts to respond to the
- probe.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-output</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name of an output file to which to write all of the statistical data. By default, no output file
- is created. For information on this file, see <A
-HREF="c18360.html#HDRWQ352"
->Writing afsmonitor Statistics to a
- File</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-detailed</B
-></SPAN
-></DT
-><DD
-><P
->Formats the output file named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-output</B
-></SPAN
-> argument to be more easily
- readable. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-output</B
-></SPAN
-> argument must be provided along with this flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fshosts</B
-></SPAN
-></DT
-><DD
-><P
->Identifies each File Server process to monitor by specifying the host it is running on. You can identify a
- host using either its complete Internet-style host name or an abbreviation acceptable to the cell's naming service.
- Combine this argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmhosts</B
-></SPAN
-> if you wish, but not the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmhosts</B
-></SPAN
-></DT
-><DD
-><P
->Identifies each Cache Manager process to monitor by specifying the host it is running on. You can identify a
- host using either its complete Internet-style host name or an abbreviation acceptable to the cell's naming service.
- Combine this argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fshosts</B
-></SPAN
-> if you wish, but not the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-> argument.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_399"
->To stop the afsmonitor program</A
-></H1
-><P
->To exit an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program session, Enter the <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->> interrupt signal or an uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
->.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ353"
->The xstat Data Collection Facility</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
-> data collection
- facility to gather and calculate the data that it (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program) then uses to perform
- its function. You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
-> facility to create your own data display programs. If
- you do, keep the following in mind. The File Server considers any program calling its RPC routines to be a Cache Manager;
- therefore, any program calling the File Server interface directly must export the Cache Manager's callback interface. The
- calling program must be capable of emulating the necessary callback state, and it must respond to periodic keep-alive messages
- from the File Server. In addition, a calling program must be able to gather the collected data.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
-> facility consists of two C language libraries available to user-level
- applications: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/lib/afs/libxstat_fs.a</B
-></SPAN
-> exports calls that gather information from one or
- more running File Server processes.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/lib/afs/libxstat_cm.a</B
-></SPAN
-> exports calls that collect information from one or
- more running Cache Managers.</P
-></LI
-></UL
-></P
-><P
->The libraries allow the caller to register <UL
-><LI
-><P
->A set of File Servers or Cache Managers to be examined.</P
-></LI
-><LI
-><P
->The frequency with which the File Servers or Cache Managers are to be probed for data.</P
-></LI
-><LI
-><P
->A user-specified routine to be called each time data is collected.</P
-></LI
-></UL
-></P
-><P
->The libraries handle all of the lightweight processes, callback interactions, and timing issues associated with the data
- collection. The user needs only to process the data as it arrives.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_401"
->The libxstat Libraries</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->libxstat_fs.a</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->libxstat_cm.a</B
-></SPAN
-> libraries handle
- the callback requirements and other complications associated with the collection of data from File Servers and Cache Managers.
- The user provides only the means of accumulating the desired data. Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
-> library
- implements three routines: <UL
-><LI
-><P
->Initialization (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_Init</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_Init</B
-></SPAN
->)
- arranges the periodic collection and handling of data.</P
-></LI
-><LI
-><P
->Immediate probe (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_ForceProbeNow</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_ForceProbeNow</B
-></SPAN
->) forces the immediate collection of data, after which collection returns
- to its normal probe schedule.</P
-></LI
-><LI
-><P
->Cleanup (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_Cleanup</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_Cleanup</B
-></SPAN
->)
- terminates all connections and removes all traces of the data collection from memory.</P
-></LI
-></UL
-></P
-><P
->The File Server and Cache Manager each define data collections that clients can fetch. A data collection is simply a
- related set of numbers that can be collected as a unit. For example, the File Server and Cache Manager each define profiling
- and performance data collections. The profiling collections maintain counts of the number of times internal functions are
- called within servers, allowing bottleneck analysis to be performed. The performance collections record, among other things,
- internal disk I/O statistics for a File Server and cache effectiveness figures for a Cache Manager, allowing for performance
- analysis.</P
-><P
->For a copy of the detailed specification which provides much additional usage information about the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
-> facility, its libraries, and the routines in the libraries, contact AFS Product Support.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_402"
->Example xstat Commands</A
-></H2
-><P
->AFS comes with two low-level, example commands: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_test</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_test</B
-></SPAN
->. The commands allow you to experiment with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
->
- facility. They gather information and display the available data collections for a File Server or Cache Manager. They are
- intended merely to provide examples of the types of data that can be collected via <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat</B
-></SPAN
->;
- they are not intended for use in the actual collection of data.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_403"
->To use the example xstat_fs_test command</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Issue the example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_test</B
-></SPAN
-> command to test the routines in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->libxstat_fs.a</B
-></SPAN
-> library and display the data collections associated with the File Server process.
- The command executes in the foreground. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_test</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
->] \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fsname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->File Server name(s) to monitor</VAR
->>+ \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-collID</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->Collection(s) to fetch</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-onceonly</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->poll frequency, in seconds</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-period</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->data collection time, in minutes</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_fs_test</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
-></DT
-><DD
-><P
->Is an optional string that accommodates the command's use of the AFS command parser. It can be omitted and
- ignored.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fsname</B
-></SPAN
-></DT
-><DD
-><P
->Is the Internet host name of each file server machine on which to monitor the File Server process.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-collID</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each data collection to return. The indicated data collection defines the type and amount of
- data the command is to gather about the File Server. Data is returned in the form of a predefined data structure
- (refer to the specification documents referenced previously for more information about the data
- structures).</P
-><P
->There are two acceptable values: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> reports various internal performance statistics related to the
- File Server (for example, vnode cache entries and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Rx</B
-></SPAN
-> protocol
- activity).</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2</B
-></SPAN
-> reports all of the internal performance statistics provided by
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> setting, plus some additional, detailed performance figures about
- the File Server (for example, minimum, maximum, and cumulative statistics regarding File Server RPCs, how
- long they take to complete, and how many succeed).</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-onceonly</B
-></SPAN
-></DT
-><DD
-><P
->Directs the command to gather statistics just one time. Omit this option to have the command continue to
- probe the File Server for statistics every 30 seconds. If you omit this option, you can use the <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->> interrupt signal to halt the command at any time.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-></DT
-><DD
-><P
->Sets the frequency in seconds at which the program initiates probes to the File Server. If you omit this
- argument, the default is 30 seconds.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-period</B
-></SPAN
-></DT
-><DD
-><P
->Sets how long the utility runs before exiting, as a number of minutes. If you omit this argument, the
- default is 10 minutes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
-></DT
-><DD
-><P
->Displays additional information as the command runs.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_404"
->To use the example xstat_cm_test command</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Issue the example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_test</B
-></SPAN
-> command to test the routines in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->libxstat_cm.a</B
-></SPAN
-> library and display the data collections associated with the Cache Manager. The
- command executes in the foreground. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_test</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
->] \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->Cache Manager name(s) to monitor</VAR
->>+ \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-collID</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->Collection(s) to fetch</VAR
->>+ \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-onceonly</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->poll frequency, in seconds</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-period</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->data collection time, in minutes</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->xstat_cm_test</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
-></DT
-><DD
-><P
->Is an optional string that accommodates the command's use of the AFS command parser. It can be omitted and
- ignored.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmname</B
-></SPAN
-></DT
-><DD
-><P
->Is the host name of each client machine on which to monitor the Cache Manager.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-collID</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each data collection to return. The indicated data collection defines the type and amount of
- data the command is to gather about the Cache Manager. Data is returned in the form of a predefined data
- structure (refer to the specification documents referenced previously for more information about the data
- structures).</P
-><P
->There are two acceptable values: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> provides profiling information about the numbers of times
- different internal Cache Manager routines were called since the Cache manager was started.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> reports various internal performance statistics related to the
- Cache manager (for example, statistics about how effectively the cache is being used and the quantity of
- intracell and intercell data access).</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2</B
-></SPAN
-> reports all of the internal performance statistics provided by
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> setting, plus some additional, detailed performance figures about
- the Cache Manager (for example, statistics about the number of RPCs sent by the Cache Manager and how long
- they take to complete; and statistics regarding things such as authentication, access, and PAG information
- associated with data access).</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-onceonly</B
-></SPAN
-></DT
-><DD
-><P
->Directs the command to gather statistics just one time. Omit this option to have the command continue to
- probe the Cache Manager for statistics every 30 seconds. If you omit this option, you can use the <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->> interrupt signal to halt the command at any time.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-frequency</B
-></SPAN
-></DT
-><DD
-><P
->Sets the frequency in seconds at which the program initiates probes to the Cache Manager. If you omit this
- argument, the default is 30 seconds.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-period</B
-></SPAN
-></DT
-><DD
-><P
->Sets how long the utility runs before exiting, as a number of minutes. If you omit this argument, the
- default is 10 minutes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
-></DT
-><DD
-><P
->Displays additional information as the command runs.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ354"
->Auditing AFS Events on AIX File Servers</A
-></H1
-><P
->You can audit AFS events on AIX File Servers using an AFS mechanism that transfers audit information from AFS to the AIX
- auditing system. The following general classes of AFS events can be audited. For a complete list of specific AFS audit events,
- see <A
-HREF="a35965.html"
->Appendix D, AIX Audit Events</A
->. <UL
-><LI
-><P
->Authentication and Identification Events</P
-></LI
-><LI
-><P
->Security Events</P
-></LI
-><LI
-><P
->Privilege Required Events</P
-></LI
-><LI
-><P
->Object Creation and Deletion Events</P
-></LI
-><LI
-><P
->Attribute Modification Events</P
-></LI
-><LI
-><P
->Process Control Events</P
-></LI
-></UL
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This section assumes familiarity with the AIX auditing system. For more information, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->AIX System
- Management Guide</I
-></SPAN
-> for the version of AIX you are using.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_406"
->Configuring AFS Auditing on AIX File Servers</A
-></H2
-><P
->The directory <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/audit</B
-></SPAN
-> contains three files that contain the information
- needed to configure AIX File Servers to audit AFS events: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->events.sample</B
-></SPAN
-> file contains information on auditable AFS events. The contents
- of this file are integrated into the corresponding AIX events file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/security/audit/events</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->config.sample</B
-></SPAN
-> file defines the six classes of AFS audit events and the events
- that make up each class. It also defines the classes of AFS audit events to audit for the File Server, which runs as the
- local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. The contents of this file must be integrated into the
- corresponding AIX config file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/security/audit/config</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->objects.sample</B
-></SPAN
-> file contains a list of information about audited files. You
- must only audit files in the local file space. The contents of this file must be integrated into the corresponding AIX
- objects file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/security/audit/objects</B
-></SPAN
->).</P
-></LI
-></UL
-></P
-><P
->Once you have properly configured these files to include the AFS-relevant information, use the AIX auditing system to
- start up and shut down the auditing.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_407"
->To enable AFS auditing</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Create the following string in the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/Audit</B
-></SPAN
-> on each File Server on
- which you plan to audit AFS events: <PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AFS_AUDIT_AllEvents</B
-></SPAN
-></PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command (with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag)
- to stop and restart all server processes on each File Server. For instructions on using this command, see <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_408"
->To disable AFS auditing</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Remove the contents of the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/Audit</B
-></SPAN
-> on each File Server for which
- you are no longer interested in auditing AFS events.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command (with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag)
- to stop and restart all server processes on each File Server. For instructions on using this command, see <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->.</P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c15383.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c20494.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Backing Up and Restoring AFS Data</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing Server Encryption Keys</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing Server Encryption Keys</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"><LINK
-REL="PREVIOUS"
-TITLE="Monitoring and Auditing AFS Performance"
-HREF="c18360.html"><LINK
-REL="NEXT"
-TITLE="Managing Client Machines"
-HREF="p21471.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c18360.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="p21471.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ355"
-></A
->Chapter 9. Managing Server Encryption Keys</H1
-><P
->This chapter explains how to maintain your cell's server encryption keys, which are vital for secure communications in
- AFS.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ356"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN20500"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Add a new server encryption key</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Inspect key checksums in the Authentication Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Inspect key checksums in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove an old server encryption key</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removekey</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ358"
->About Server Encryption Keys</A
-></H1
-><P
->An encryption key is a string of octal numbers used to encrypt and decrypt packets of information. In AFS, a server
- encryption key is the key used to protect information being transferred between AFS server processes and between them and their
- clients. A server encryption key is essentially a password for a server process and like a user password is stored in the
- Authentication Database.</P
-><P
->Maintaining your cell's server encryption keys properly is the most basic way to protect the information in your AFS
- filespace from access by unauthorized users.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_412"
->Keys and Mutual Authentication: A Review</A
-></H2
-><P
->Server encryption keys play a central role in the mutual authentication between client and server processes in AFS. For
- a more detailed description of mutual authentication, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual
- Authentication</A
->.</P
-><P
->When a client wants to contact an AFS server, it first contacts the Ticket Granting Service (TGS) module of the
- Authentication Server. After verifying the client's identity (based indirectly on the password of the human user whom the
- client represents), the TGS gives the client a server ticket. This ticket is encrypted with the server's encryption key. (The
- TGS also invents a second encryption key, called the session key, to be used only for a single episode of communication
- between server and client. The server ticket and session key, together with other pieces of information, are collectively
- referred to as a token.)</P
-><P
->The client cannot read the server ticket or token because it does not know the server encryption key. However, the
- client sends it to the AFS server along with service requests, because the ticket proves to the AFS server processes that it
- has already authenticated with the TGS. AFS servers trust the TGS to grant tickets only to valid clients. The fact that the
- client possesses a ticket encrypted with the server's encryption key proves to the server that the client is valid. On the
- other hand, the client assumes that only a genuine AFS server knows the server encryption key needed to decrypt the ticket.
- The server's ability to decrypt the ticket and understand its contents proves to the client that the server is
- legitimate.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_413"
->Maintaining AFS Server Encryption Keys</A
-></H2
-><P
->As you maintain your cell's server encryption keys, keep the following in mind. <UL
-><LI
-><P
->Change the key frequently to enhance your cell's security. Changing the key at least once a month is strongly
- recommended.</P
-></LI
-><LI
-><P
->The AFS server encryption key currently in use is stored in two places. When you add a new key, you must make
- changes in both places and make them in the correct order, as instructed in <A
-HREF="c20494.html#HDRWQ362"
->Adding Server
- Encryption Keys</A
->. Failure to follow the instructions can seriously impair cell functioning, as clients and servers
- become unable to communicate. The two storage sites for the current server encryption key are the following:
- <OL
-TYPE="1"
-><LI
-><P
->The file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> on the local disk of every file server
- machine. The file can list more than one key, each with an associated numerical identifier, the key version number
- or kvno. A client token records the key version number of the key used to seal it, and the server process
- retrieves the appropriate key from this file when the client presents the token.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry in the Authentication Database. The current server encryption
- key is in the entry's password field, just like an individual user's scrambled password. The Authentication
- Server's Ticket Granting Service (TGS) uses this key to encrypt the tokens it gives to clients. There is only a
- single key in the entry, because the TGS never needs to read existing tokens, but only to generate new ones by
- using the current key.</P
-></LI
-></OL
-></P
-><P
->For instructions on creating the initial <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> files as you install your cell's first server machine, see the IBM AFS Quick
- Beginnings.</P
-></LI
-><LI
-><P
->At any specific time, the tokens that the Authentication Server's Ticket Granting Service gives to clients are
- sealed with only one of the server encryption keys, namely the one stored in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
->
- entry in the Authentication Database.</P
-></LI
-><LI
-><P
->When you add a new server encryption key, you cannot immediately remove the former key from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file on the local disk of every AFS server machine. Any time that you add a
- new key, it is likely that some clients still have valid, unexpired tokens sealed with the previous key. The more
- frequently you change the server encryption key, the more such tickets there are likely to be. To be able to grant
- service appropriately to clients with such tokens, an AFS server process must still be able to access the server
- encryption key used to seal it.</P
-><P
->You can safely delete an old server encryption key only when it is certain that no clients have tokens sealed with
- that key. In general, wait a period of time at least as long as the maximum token lifetime in your cell. By default, the
- maximum token lifetime for users is 25 hours (except for users whose Authentication Database entries were created by
- using the 3.0 version of AFS, for whom the default is 100 hours). You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-lifetime</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command to change this
- default.</P
-><P
->Instructions for removing obsolete keys appear in <A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption
- Keys</A
->.</P
-></LI
-><LI
-><P
->You create a new AFS server encryption key in much the same way regular users change their passwords, by providing
- a character string that is converted into an encryption key automatically. See <A
-HREF="c20494.html#HDRWQ362"
->Adding Server
- Encryption Keys</A
->.</P
-></LI
-><LI
-><P
->In addition to using server encryption keys when communicating with clients, the server processes use them to
- protect communications with other server processes. Therefore, all server machines in your cell must have the same
- version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file. The easiest way to maintain consistency (if you run the
- United States edition of AFS) is to use the Update Server to distribute the contents of the system control machine's
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory to all of the other server machines. There are two implications:
- <UL
-><LI
-><P
->You must run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process on the system control machine and an
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
-> process on all other server machines that references the system
- control machine. The IBM AFS Quick Beginnings explains how to install both processes. For instructions on
- verifying that the Update Server processes are running, see <A
-HREF="c6449.html#HDRWQ158"
->Displaying Process Status and
- Information from the BosConfig File</A
->.</P
-></LI
-><LI
-><P
->Change the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file only on the system control machine (except in the
- types of emergencies discussed in <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->). Any
- changes you make on other server machines are overwritten the next time the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
-> process retrieves the contents of the system control machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory. By default, this happens every five minutes.</P
-></LI
-></UL
-></P
-><P
->If you run the international edition of AFS, do not use the Update Server to distribute the contents of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory, particularly the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file.
- The data in the file is too sensitive for transfer in unencrypted form, and because of United States government exports
- regulations the international edition of AFS does not include the necessary encryption routines in a form that the
- Update Server can use. You must instead modify the file on each server machine individually, taking care to enter the
- same key on every server machine.</P
-></LI
-><LI
-><P
->Never edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> directly with a text editor. Instead, always use the
- appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands as instructed in <A
-HREF="c20494.html#HDRWQ362"
->Adding Server
- Encryption Keys</A
-> and <A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption Keys</A
->.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ359"
->Displaying Server Encryption Keys</A
-></H1
-><P
->To display the server encryption keys in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file on any file server
- machine, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
->
- command to display the key in the Authentication Database's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry.</P
-><P
->By default the commands do not display the actual string of octal digits that constitute a key, but rather a checksum, a
- decimal number derived by encrypting a constant with the key. This prevents unauthorized users from easily accessing the actual
- key, which they can then use to falsify or eavesdrop on protected communications. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- listkeys</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> commands generate the same checksum for a given key, so
- displaying checksums rather than actual keys is generally sufficient. If you suspect that the keys differ in a way that the
- checksums are not revealing, then you are probably experiencing authentication problems throughout your cell. The easiest
- solution is to create a new server encryption key following the instructions in <A
-HREF="c20494.html#HDRWQ362"
->Adding Server
- Encryption Keys</A
-> or <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->. Another common reason to
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command is to display the key version numbers currently in use, in
- preparation for choosing the next one; here, the checksum is sufficient because the key itself is irrelevant.</P
-><P
->If it is important to display the actual octal digits, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showkey</B
-></SPAN
-> argument to
- both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> commands.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ360"
->To display the KeyFile file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command to display the contents of one machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showkey</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listkeys</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names a file server machine. In the normal case, it is acceptable to name any machine, because correct cell
- functioning requires that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file be the same on all of them.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showkey</B
-></SPAN
-></DT
-><DD
-><P
->Displays the octal digits that constitute each key.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->In the following example, the output displays a checksum for each server encryption key rather than the actual octal
- digits. The penultimate line indicates when an administrator last changed the file, and the final line confirms that the
- output is complete.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys fs1.abc.com</B
-></SPAN
->
- key 0 has cksum 972037177
- key 1 has cksum 2825165022
- Keys last changed on Wed Jan 13 11:20:29 1999.
- All done.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ361"
->To display the afs key from the Authentication Database</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to display the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
->
- entry in the Authentication Database.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine afs</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showkey</B
-></SPAN
->] \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->e</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-></DT
-><DD
-><P
->Designates the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showkey</B
-></SPAN
-></DT
-><DD
-><P
->Displays the octal digits that constitute the key.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account with the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication
- Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as admin_user. Enter
- the appropriate password as admin_password.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->In the following example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user displays the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry without using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showkey</B
-></SPAN
-> flag. The second line shows the
- key version number in parentheses and the key's checksum. The line that begins with the string <SAMP
-CLASS="computeroutput"
->last
- mod</SAMP
-> reports the date on which the indicated administrator changed the key. There is no necessary relationship
- between this date and the date reported by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command, because the latter date
- changes for any type of change to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file, not just a key addition. For a
- description of the other lines in the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command, see its reference
- page in the IBM AFS Administration Reference.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine afs -admin admin</B
-></SPAN
->
- Administrator's (admin) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- User data for afs
- key (1) cksum is 2825165022, last cpw: no date
- password will never expire.
- An unlimited number of unsuccessful authentications is permitted.
- entry expires on never. Max ticket lifetime 100.00 hours.
- last mod on Wed Jan 13 11:21:36 1999 by admin
- permit password reuse
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ362"
->Adding Server Encryption Keys</A
-></H1
-><P
->As noted, AFS records server encryption keys in two separate places: <OL
-TYPE="1"
-><LI
-><P
->In the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> on the local disk of each server machine, for use
- by the AFS server processes running on the machine</P
-></LI
-><LI
-><P
->In the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry in the Authentication Database, for use by the Ticket Granting
- Service (TGS) when creating tokens</P
-></LI
-></OL
-></P
-><P
->To ensure that server processes and the TGS share the same AFS server encryption key, execute all the steps in this
- section without interruption.</P
-><P
->The following instructions include a step in which you restart the database server processes (the Authentication, Backup,
- Protection, and Volume Location Server processes) on all database server machines. As a database server process starts, it reads
- in the server encryption key that has the highest key version number in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file and
- uses it to protect the messages that it sends for synchronizing the database and maintaining quorum. It uses the same key
- throughout its lifetime, which can be for an extended period, even if you remove the key from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file. However, if one of the peer database server processes restarts and the others do not,
- quorum and database synchronization break down because the processes are no longer using the same key: the restarted process is
- using the key that currently has the highest key version number, and the other processes are still using the key they read in
- when they originally started. To avoid this problem, it is safest to restart all of the database server processes when adding a
- new key.</P
-><P
->After adding a new key, you can remove obsolete keys from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file to prevent it
- from becoming cluttered. However, you must take care not to remove keys that client or server processes are still using. For
- discussion and instructions, see <A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption Keys</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ363"
->To add a new server encryption key</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ364"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command to display the key version
- numbers that are already in use, as a first step in choosing the key version number for the new key. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listkeys</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names any file server machine.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ365"
-></A
->Choose a key version number for the new key, based on the output from Step <A
-HREF="c20494.html#LIWQ364"
->2</A
-> and the following requirements: <UL
-><LI
-><P
->A key version number must be an integer between 0 (zero) and 255 to comply with Kerberos standards. It is
- simplest if you keep your key version numbers in sequence by choosing a key version number one greater than the
- largest existing one.</P
-></LI
-><LI
-><P
->Do not reuse a key version number currently found in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file,
- particularly if it is also the one in the Authentication Database <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry. Client
- processes possibly still have tickets sealed with the key that originally had that key version number, but the
- server processes start using the new key marked with that key version number. Because the keys do not match, the
- server processes refuse requests from clients who hold legitimate tokens.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ366"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> command to create a new AFS server
- encryption key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file.</P
-><P
->If you run the United States edition of AFS and use the Update Server to distribute the contents of the system
- control machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory, substitute the system control machine for the
- machine name argument. (If you have forgotten which machine is the system control machine, see <A
-HREF="c3025.html#HDRWQ96"
->To
- locate the system control machine</A
->.)</P
-><P
->If you run the international edition of AFS or do not use the Update Server, repeat the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- addkey</B
-></SPAN
-> command, substituting each server machine in your cell for the machine name argument in turn.</P
-><P
->To avoid visible echoing of the string that corresponds to the new key, omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-key</B
-></SPAN
-> argument from the command line; instead enter the string at the prompts that appear when you
- omit it, as shown in the following syntax specification.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey -server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->key version number</VAR
->>
- input key: <<VAR
-CLASS="replaceable"
->afs_password</VAR
->>
- Retype input key: <<VAR
-CLASS="replaceable"
->afs_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addkey</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Names the cell's system control machine if you are using the Update Server, or each server machine in turn
- if you are not.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the new key's key version number as an integer from the range 0 (zero) through 255.</P
-><P
->Remember the number. You need to use it again in Step <A
-HREF="c20494.html#LIWQ367"
->6</A
->. If you are using the
- international edition of AFS, be sure to type the same number each time you issue this command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs_password</B
-></SPAN
-></DT
-><DD
-><P
->Is a character string similar to a user password, of any length from one to about 1,000 characters. To
- improve security, include nonalphabetic characters and make the string as long as is practical (you need to type
- it only in this step and in Step <A
-HREF="c20494.html#LIWQ367"
->6</A
->). If you are using the international edition of
- AFS, be sure to type the same string each time you issue this command.</P
-><P
->Do not enter an octal string directly. The BOS Server scrambles the character string into an octal string
- appropriate for use as an encryption key before recording it in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
->
- file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you are using the Update Server, wait for a few minutes while the Update Server distributes the new <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file to all server machines. The maximum necessary waiting period is the largest value
- provided for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-t</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
->
- process's initialization command used on any of the server machines; the default time is five minutes.</P
-><P
->To be certain that all machines have the same <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command for every file server machine and verify that the checksum for the new key is
- the same on all machines.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-><P
->If you are not using the Update Server, try to complete Step <A
-HREF="c20494.html#LIWQ366"
->4</A
-> within five
- minutes.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ367"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command to enter the same key in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry in the Authentication Database.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword -name afs -kvno</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->kvno</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- new_password: afs_password
- Verifying, please re-enter new_password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sp</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setpassword</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setp</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name afs</B
-></SPAN
-></DT
-><DD
-><P
->Creates the new key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the same key version number as in Step <A
-HREF="c20494.html#LIWQ366"
->4</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account with the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication
- Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as admin_user. Enter
- the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs_password</B
-></SPAN
-></DT
-><DD
-><P
->Is the same character string you entered in Step <A
-HREF="c20494.html#LIWQ366"
->4</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional.)</B
-></SPAN
-> If you want to verify that the keys you just created in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file and the Authentication Database <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry are
- identical and have the same key version number, follow the instructions in <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server
- Encryption Keys</A
->.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command to restart the database server processes on all
- database server machines. This forces them to start using the key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file
- that currently has the highest key version number.</P
-><P
->Repeat this command in quick succession for each database server machine, starting with the machine that has the
- lowest IP address.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver kaserver ptserver vlserver</B
-></SPAN
->
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restart</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names each database server machine in turn.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver kaserver ptserver vlserver</B
-></SPAN
-></DT
-><DD
-><P
->Designates the Backup Server, Authentication Server, Protection Server, and Volume Location (VL) Server,
- respectively.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ368"
->Removing Server Encryption Keys</A
-></H1
-><P
->You can periodically remove old keys from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file to keep it to a
- reasonable size. To avoid disturbing cell functioning, do not remove an old key until all tokens sealed with the key and held by
- users or client processes have expired. After adding a new key, wait to remove old keys at least as long as the longest token
- lifetime you use in your cell. For Authentication Database user entries created under AFS version 3.1 or higher, the default
- token lifetime is 25 hours; for entries created under AFS version 3.0, it is 100 hours.</P
-><P
->There is no command for removing the key from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry in the Authentication
- Database, because the key field in that entry must never be empty. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
->
- command to replace the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> key, but only as part of the complete procedure detailed in <A
-HREF="c20494.html#HDRWQ363"
->To add a new server encryption key</A
->.</P
-><P
->Never remove from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file the key that is currently in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry in the Authentication Database. AFS server processes become unable to decrypt the tickets that
- clients present to them.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ369"
->To remove a key from the KeyFile file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command to display the key version number of each key you
- want to remove. The output also reveals whether it has been at least 25 hours since a new key was placed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file. For complete instructions for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
->
- command, see <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to verify that the key currently in the
- Authentication Database's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry does not have the same key version number as any of
- the keys you are removing from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file. For detailed instructions for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command, see <A
-HREF="c20494.html#HDRWQ361"
->To display the afs key from the
- Authentication Database</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine afs -admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removekey</B
-></SPAN
-> command to remove one or more server encryption keys from
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file.</P
-><P
->If you run the United States edition of AFS and use the Update Server to distribute the contents of the system
- control machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory, substitute the system control machine for the
- machine name argument. (If you have forgotten which machine is the system control machine, see <A
-HREF="c3025.html#HDRWQ96"
->To
- locate the system control machine</A
->.)</P
-><P
->If you run the international edition of AFS or do not use the Update Server, repeat the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- removekey</B
-></SPAN
-> command, substituting each server machine in your cell for the machine name argument in turn.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removekey</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->key version number</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->removek</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->removekey</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the cell's system control machine if you are using the Update Server, or each server machine in turn
- if you are not.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->key version number</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the key version number of each key to remove.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ370"
->Handling Server Encryption Key Emergencies</A
-></H1
-><P
->In rare circumstances, the AFS server processes can become unable to decrypt the server tickets that clients or peer
- server processes are presenting. Activity in your cell can come to a halt, because the server processes believe that the tickets
- are forged or expired, and refuse to execute any actions. This can happen on one machine or several; the effect is more serious
- when more machines are involved.</P
-><P
->One common cause of server encryption key problems is that the client's ticket is encrypted with a key that the server
- process does not know. Usually this means that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> on the server machine
- does not include the key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> Authentication Database entry, which the Authentication
- Server's Ticket Granting Service (TGS) module is using to encrypt server tickets.</P
-><P
->Another possibility is that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> files on different machines do not contain the
- same keys. In this case, communications among server processes themselves become impossible. For instance, AFS's replicated
- database mechanism (Ubik) breaks down if the instances of a database server process on the different database server machines
- are not using the same key.</P
-><P
->The appearance of the following error message when you direct a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> command to a file
- server machine in the local cell is one possible symptom of server encryption key mismatch. (Note, however, that you can also
- get this message if you forget to include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument when directing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> command to a file server machine in a foreign cell.)</P
-><PRE
-CLASS="programlisting"
-> bos: failed to contact host's bosserver (security object was passed a bad ticket).
-</PRE
-><P
->The solution to server encryption key emergencies is to put a new AFS server encryption key in both the Authentication
- Database and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file on every server machine, so that the TGS and all server processes
- again share the same key.</P
-><P
->Handling key emergencies requires some unusual actions. The reasons for these actions are explained in the following
- sections; the actual procedures appear in the subsequent instructions.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ371"
->Prevent Mutual Authentication</A
-></H2
-><P
->It is necessary to prevent the server processes from trying to mutually authenticate with you as you deal with a key
- emergency, because they possibly cannot decrypt your token. When you do not mutually authenticate, the server processes assign
- you the identity <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->. To prevent mutual authentication, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to discard your tokens and include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
-> flag on
- every command where it is available.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_423"
->Disable Authorization Checking by Hand</A
-></H2
-><P
->Because the server processes recognize you as the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> when you do not
- mutually authenticate, you must turn off authorization checking. Only with authorization checking disabled do the server
- processes allow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user to perform privileged actions such as key creation.</P
-><P
->In an emergency, disable authorization checking by creating the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/NoAuth</B
-></SPAN
-> by hand. In normal circumstances, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- setauth</B
-></SPAN
-> command instead.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_424"
->Work Quickly on Each Machine</A
-></H2
-><P
->Disabling authorization checking is a serious security exposure, because server processes on the affected machine
- perform any action for anyone. Disable authorization checking only for as long as necessary, completing all steps in an
- uninterrupted session and as quickly as possible.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_425"
->Work at the Console</A
-></H2
-><P
->Working at the console of each server machine on which you disable authorization checking ensures that no one else logs
- onto the console while you are working there. It does not prevent others from connecting to the machine remotely (using the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> program, for example), which is why it is important to work quickly. The only way to
- ensure complete security is to disable network traffic, which is not a viable option in many environments. You can improve
- security in general by limiting the number of people who can connect remotely to your server machines at any time, as
- recommended in <A
-HREF="c667.html#HDRWQ74"
->Improving Security in Your Cell</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ372"
->Change Individual KeyFile Files</A
-></H2
-><P
->If you use the Update Server to distribute the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory,
- an emergency is the only time when it is appropriate to change the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file on individual
- machines instead. Updating each machine's file is necessary because mismatched keys can prevent the system control machine's
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process from mutually authenticating with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
-> processes on other server machines, in which case the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process refuses to distribute its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file to
- them.</P
-><P
->Even if it appears that the Update Server is working correctly, the only way to verify that is to change the key on the
- system control machine and wait the standard delay period to see if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
-> processes
- retrieve the key. During an emergency, it does not usually make sense to wait the standard delay period. It is more efficient
- simply to update the file on each server machine separately. Also, even if the Update Server can distribute the file
- correctly, other processes can have trouble because of mismatched keys. The following instructions add the new key file on the
- system control machine first. If the Update Server is working, then it is distributing the same change as you are making on
- each server machine individually.</P
-><P
->If your cell does not use the Update Server, or uses the international edition of AFS, you always change keys on server
- machines individually. The following instructions are also appropriate for you.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_427"
->Two Component Procedures</A
-></H2
-><P
->There are two subprocedures used frequently in the following instructions: disabling authorization checking and
- reenabling it. For the sake of clarity, the procedures are detailed here; the instructions refer to them as necessary.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ373"
->Disabling Authorization Checking in an Emergency</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ374"
-></A
->Create the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/NoAuth</B
-></SPAN
-> to disable
- authorization checking. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->touch /usr/afs/local/NoAuth</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Discard your tokens, in case they were sealed with an incompatible key, which can prevent some commands from
- executing. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ375"
->Reenabling Authorization Checking in an Emergency</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Remove the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/NoAuth</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm /usr/afs/local/NoAuth</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Authenticate as an administrative identity that belongs to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group and is listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin_user</VAR
->>
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If appropriate, log out from the console (or close the remote connection you are using), after issuing the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to destroy your tokens.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_430"
->To create a new server encryption key in emergencies</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LIWQ376"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On the system control machine</B
-></SPAN
->, disable authorization
- checking as instructed in <A
-HREF="c20494.html#HDRWQ373"
->Disabling Authorization Checking in an Emergency</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ377"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command to display the key version
- numbers already in use in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file, as a first step in choosing the new key's key
- version number. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listkeys</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a file server machine.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
-></DT
-><DD
-><P
->Bypasses mutual authentication with the BOS Server. Include it in case the key emergency is preventing
- successful mutual authentication.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ378"
-></A
->Choose a key version number for the new key, based on what you learned in Step <A
-HREF="c20494.html#LIWQ377"
->2</A
-> plus the following requirements: <UL
-><LI
-><P
->It is best to keep your key version numbers in sequence by choosing a key version number one greater than the
- largest existing one.</P
-></LI
-><LI
-><P
->Key version numbers must be integers between 0 and 255 to comply with Kerberos standards.</P
-></LI
-><LI
-><P
->Do not reuse a key version number currently listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
->
- file.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ379"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On the system control machine</B
-></SPAN
->, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> command to create a new AFS server encryption key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->key version number</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
->
- input key: <<VAR
-CLASS="replaceable"
->afs_password</VAR
->>
- Retype input key: <<VAR
-CLASS="replaceable"
->afs_password</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addkey</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to define the new key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
->
- file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the key version number you chose in Step <A
-HREF="c20494.html#LIWQ378"
->3</A
->, an integer in the range
- 0 (zero) through 255. You must specify the same number in Steps <A
-HREF="c20494.html#LIWQ382"
->7</A
->, <A
-HREF="c20494.html#LIWQ383"
->8</A
->, and <A
-HREF="c20494.html#LIWQ386"
->13</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
-></DT
-><DD
-><P
->Bypasses mutual authentication with the BOS Server. Include it in case the key emergency is preventing
- successful mutual authentication.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs_password</B
-></SPAN
-></DT
-><DD
-><P
->Is a character string similar to a user password, of any length from one to about 1,000 characters. To
- improve security, make the string as long as is practical, and include nonalphabetic characters.</P
-><P
->Do not type an octal string directly. The BOS Server scrambles the character string into an octal string
- appropriate for use as an encryption key before recording it in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
->
- file.</P
-><P
->Remember the string. You need to use it again in Steps <A
-HREF="c20494.html#LIWQ382"
->7</A
->, <A
-HREF="c20494.html#LIWQ383"
->8</A
->, and <A
-HREF="c20494.html#LIWQ386"
->13</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ380"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On every database server machine in your cell</B
-></SPAN
-> (other than
- the system control machine), disable authorization checking as instructed in <A
-HREF="c20494.html#HDRWQ373"
->Disabling
- Authorization Checking in an Emergency</A
->. Do not repeat the procedure on the system control machine, if it is a
- database server machine, because you already disabled authorization checking in Step <A
-HREF="c20494.html#LIWQ376"
->1</A
->. (If
- you need to learn which machines are database server machines, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listhosts</B
-></SPAN
->
- command as described in <A
-HREF="c3025.html#HDRWQ95"
->To locate database server machines</A
->.)</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ381"
-></A
->Wait at least 90 seconds after finishing Step <A
-HREF="c20494.html#LIWQ380"
->5</A
->, to allow each
- of the database server processes (the Authentication, Backup, Protection and Volume Location Servers) to finish electing a
- new sync site. Then issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->udebug</B
-></SPAN
-> command to verify that the election worked properly.
- Issue the following commands, substituting each database server machine's name for server machine in turn. Include the
- system control machine if it is a database server machine. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->udebug</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->server machine</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->udebug</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->server machine</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->udebug</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->server machine</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ptserver</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->udebug</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->server machine</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vlserver</B
-></SPAN
->
-</PRE
-></P
-><P
->For each process, the output from all of the database server machines must agree on which one is the sync site for
- the process. It is not, however, necessary that the same machine serves as the sync site for each of the four processes.
- For each process, the output from only one machine must include the following string:</P
-><PRE
-CLASS="programlisting"
-> I am sync site ...
-</PRE
-><P
->The output on the other machines instead includes the following line</P
-><PRE
-CLASS="programlisting"
-> I am not sync site
-</PRE
-><P
->and a subsequent line that begins with the string <SAMP
-CLASS="computeroutput"
->Sync host</SAMP
-> and specifies the IP
- address of the machine claiming to be the sync site.</P
-><P
->If the output does not meet these requirements or seems abnormal in another way, contact AFS Product Support for
- assistance.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ382"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On every database server machine in your cell</B
-></SPAN
-> (other than
- the system control machine), issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> command described in Step <A
-HREF="c20494.html#LIWQ379"
->4</A
->. Be sure to use the same values for afs_password and kvno as you used in that step.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ383"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command to define the new key in
- the Authentication Database's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry. It must match the key you created in Step <A
-HREF="c20494.html#LIWQ379"
->4</A
-> and Step <A
-HREF="c20494.html#LIWQ382"
->7</A
->. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword -name afs</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->key version number</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
->
- new_password: <<VAR
-CLASS="replaceable"
->afs_password</VAR
->>
- Verifying, please re-enter new_password: <<VAR
-CLASS="replaceable"
->afs_password</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sp</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setpassword</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setp</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kvno</B
-></SPAN
-></DT
-><DD
-><P
->Is the same key version number you specified in Step <A
-HREF="c20494.html#LIWQ379"
->4</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs_password</B
-></SPAN
-></DT
-><DD
-><P
->Is the same character string you specified as afs_password in Step <A
-HREF="c20494.html#LIWQ379"
->4</A
->. It does
- not echo visibly.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ384"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On every database server machine in your cell</B
-></SPAN
-> (including the
- system control machine if it is a database server machine), reenable authorization checking as instructed in <A
-HREF="c20494.html#HDRWQ375"
->Reenabling Authorization Checking in an Emergency</A
->. If the system control machine is not a
- database server machine, do not perform this procedure until Step <A
-HREF="c20494.html#LIWQ385"
->11</A
->.</P
-></LI
-><LI
-><P
->Repeat Step <A
-HREF="c20494.html#LIWQ381"
->6</A
-> to verify that each database server process has properly elected a sync
- site after being restarted in Step <A
-HREF="c20494.html#LIWQ384"
->9</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ385"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On the system control machine</B
-></SPAN
-> (if it is not a database
- server machine), reenable authorization checking as instructed in <A
-HREF="c20494.html#HDRWQ375"
->Reenabling Authorization
- Checking in an Emergency</A
->. If it is a database server machine, you already performed the procedure in Step <A
-HREF="c20494.html#LIWQ384"
->9</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On all remaining (simple) file server machines</B
-></SPAN
->, disable authorization checking as
- instructed in <A
-HREF="c20494.html#HDRWQ373"
->Disabling Authorization Checking in an Emergency</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ386"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On all remaining (simple) file server machines</B
-></SPAN
->, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> command described in Step <A
-HREF="c20494.html#LIWQ379"
->4</A
->. Be sure to use the
- same values for afs_password and kvno as you used in that step.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->On all remaining (simple) file server machines</B
-></SPAN
->, reenable authorization checking as
- instructed in <A
-HREF="c20494.html#HDRWQ375"
->Reenabling Authorization Checking in an Emergency</A
->.</P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c18360.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="p21471.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Monitoring and Auditing AFS Performance</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing Client Machines</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Administering Client Machines and the Cache Manager</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Client Machines"
-HREF="p21471.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing Client Machines"
-HREF="p21471.html"><LINK
-REL="NEXT"
-TITLE="Configuring Client Machines with the package Program"
-HREF="c23832.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="p21471.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c23832.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ387"
-></A
->Chapter 10. Administering Client Machines and the Cache Manager</H1
-><P
->This chapter describes how to administer an AFS client machine, which is any machine from which users can access the AFS
- filespace and communicate with AFS server processes. (A client machine can simultaneously function as an AFS server machine if
- appropriately configured.) An AFS client machine has the following characteristics: <UL
-><LI
-><P
->The kernel includes the set of modifications, commonly referred to as the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Cache Manager</I
-></SPAN
->, that
- enable access to AFS files and directories. You can configure many of the Cache Manager's features to suit your users'
- needs. See <A
-HREF="c21473.html#HDRWQ390"
->Overview of Cache Manager Customization</A
->.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on the local disk stores several configuration files. See
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->.</P
-></LI
-><LI
-><P
->A cache stores temporary copies of data fetched from AFS file server machines, either in machine memory or on a
- devoted local disk partition. See <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
-> and <A
-HREF="c21473.html#HDRWQ402"
->Setting Other Cache Parameters with the afsd program</A
->.</P
-></LI
-></UL
-></P
-><P
->To learn how to install the client functionality on a machine, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
->.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ388"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN21494"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="67*"><COL
-WIDTH="33*"><TBODY
-><TR
-><TD
->Display cache size set at reboot</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat /usr/vice/etc/cacheinfo</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display current cache size and usage</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcacheparms</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change disk cache size without rebooting</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Initialize Cache Manager</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display contents of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat /usr/vice/etc/CellServDB</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display list of database server machines from kernel memory</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listcells</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change list of database server machines in kernel memory</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Check cell's status regarding setuid</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcellstatus</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set cell's status regarding setuid</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set server probe interval</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers -interval</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display machine's cell membership</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat /usr/vice/etc/ThisCell</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change machine's cell membership</TD
-><TD
->Edit <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Flush cached file/directory</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flush</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Flush everything cached from a volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushvolume</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Update volume-to-mount-point mappings</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkvolumes</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display Cache Manager's server preference ranks</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set Cache Manager's server preference ranks</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display client machine addresses to register</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getclientaddrs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set client machine addresses to register</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Control the display of warning and status messages</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs messages</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display and change machine's system type</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Enable asynchronous writes</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ390"
->Overview of Cache Manager Customization</A
-></H1
-><P
->An AFS client machine's kernel includes a set of modifications, commonly referred to as the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Cache
- Manager</I
-></SPAN
->, that enable access to AFS files and directories and communications with AFS server processes. It is common
- to speak of the Cache Manager as a process or program, and in regular usage it appears to function like one. When configuring
- it, though, it is helpful to keep in mind that this usage is not strictly accurate.</P
-><P
->The Cache Manager mainly fetches files on behalf of application programs running on the machine. When an application
- requests an AFS file, the Cache Manager contacts the Volume Location (VL) Server to obtain a list of the file server machines
- that house the volume containing the file. The Cache Manager then translates the application program's system call requests into
- remote procedure calls (RPCs) to the File Server running on the appropriate machine. When the File Server delivers the file, the
- Cache Manager stores it in a local <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cache</I
-></SPAN
-> before delivering it to the application program.</P
-><P
->The File Server delivers a data structure called a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->callback</I
-></SPAN
-> along with the file. (To be precise, it
- delivers a callback for each file fetched from a read/write volume, and a single callback for all data fetched from a read-only
- volume.) A valid callback indicates that the Cache Manager's cached copy of a file matches the central copy maintained by the
- File Server. If an application on another AFS client machine changes the central copy, the File Server breaks the callback, and
- the Cache Manager must retrieve the new version when an application program on its machine next requests data from the file. As
- long as the callback is unbroken, however, the Cache Manager can continue to provide the cached version of the file to
- applications on its machine, which eliminates unnecessary network traffic.</P
-><P
->The indicated sections of this chapter explain how to configure and customize the following Cache Manager features. All
- but the first (choosing disk or memory cache) are optional, because AFS sets suitable defaults for them. <UL
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->disk or memory cache</I
-></SPAN
->. The AFS Cache Manager can use machine memory for caching instead of space
- on the local disk. Deciding which to use is the most basic configuration decision you must make. See <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cache size</I
-></SPAN
->. Cache size probably has the most direct influence on client machine performance. It
- determines how often the Cache Manager must contact the File Server across the network or discard cached data to make room
- for newly requested files, both of which affect how quickly the Cache Manager delivers files to users. See <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cache location</I
-></SPAN
->. For a disk cache, you can alter the conventional cache directory location
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
->) to take advantage of greater space availability on other disks on the
- machine. A larger cache can result in faster file delivery. See <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size,
- and Location</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->chunk size and number</I
-></SPAN
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program, which initializes the
- Cache Manager, allows you to control the size and number of chunks into which a cache is divided, plus related parameters.
- Setting these parameters is optional, because there are reasonable defaults, but it provides precise control. The AFS
- distribution includes configuration scripts that set Cache Manager parameters to values that are reasonable for different
- configurations and usage patterns. See <A
-HREF="c21473.html#HDRWQ402"
->Setting Other Cache Parameters with the afsd
- program</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->knowledge of database server machines</I
-></SPAN
->. Enable access to a cell's AFS filespace and other
- services by listing the cell's database server machines in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
->
- file on the local disk. See <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->setuid privilege</I
-></SPAN
->. You can control whether the Cache Manager allows programs from a cell to
- execute with setuid permission. See <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid
- Programs</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cell membership</I
-></SPAN
->. Each client belongs to a one cell defined by the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file. Cell membership determines the default cell in which the machine's
- users are authenticated and in which AFS commands run. See <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell
- Membership</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cached file version</I
-></SPAN
->. AFS's system of callbacks normally guarantees that the Cache Manager has
- the most current versions of files and directories possible. Nevertheless, you can force the Cache Manager to fetch the
- most current version of a file from the File Server if you suspect that the cache contains an outdated version. See <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->File Server and Volume Location Server preferences</I
-></SPAN
->. The Cache Manager sets numerical preference
- ranks for the interfaces on file server machines and Volume Server (VL) machines. The ranks determine which interface the
- Cache Manager first attempts to use when fetching data from a volume or from the Volume Location Database (VLDB). The
- Cache Manager sets default ranks as it initializes, basing them on its network proximity to each interface, but you can
- modify the preference ranks if you wish. See <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->interfaces registered with the File Server</I
-></SPAN
->. If the Cache Manager is multihomed (has multiple
- interface addresses), you can control which of them it registers for File Servers to use when they initiate RPCs to the
- client machine. See <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->display of information messages</I
-></SPAN
->. By default, the Cache Manager sends basic error and
- informational messages to the client machine's console and to command shells. You can disable the messaging. See <A
-HREF="c21473.html#HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->system type</I
-></SPAN
->. The Cache Manager records the local machine's AFS system type in kernel memory,
- and substitutes the value for the @sys variable in pathnames. See <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the
- System Type Name</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->delayed writes</I
-></SPAN
->. By default, the Cache Manager writes all data to the File Server immediately
- and synchronously when an application program closes a file. You can enable asynchronous writes, either for an individual
- file, or all files that the Cache Manager handles, and set how much data remains to be written when the Cache Manager
- returns control to the closing application. See <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->.</P
-></LI
-></UL
-></P
-><P
->You must make all configuration changes on the client machine itself (at the console or over a direct connection such as a
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> connection). You cannot configure the Cache Manager remotely. You must be logged in as
- the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> to issue some commands, whereas others require no privilege. All files
- mentioned in this chapter must actually reside on the local disk of each AFS client machine (they cannot, for example, be
- symbolic links to files in AFS).</P
-><P
->AFS's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program can simplify other aspects of client machine configuration,
- including those normally set in the machine's AFS initialization file. See <A
-HREF="c23832.html"
->Configuring Client Machines
- with the package Program</A
->.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
-></H1
-><P
->This section briefly describes the client configuration files that must reside in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on every client machine. If the machine uses a disk cache, there must be a
- partition devoted to cache files; by convention, it is mounted at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
->
- directory.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for Windows users:</B
-></SPAN
-> Some files described in this document possibly do not exist on
- machines that run a Windows operating system. Also, Windows uses a backslash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\</B
-></SPAN
->) rather than a
- forward slash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->) to separate the elements in a pathname.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on a client machine's local disk must contain certain
- configuration files for the Cache Manager to function properly. They control the most basic aspects of Cache Manager
- configuration.</P
-><P
->If it is important that the client machines in your cell perform uniformly, it is most efficient to update these files
- from a central source. The following descriptions include pointers to sections that discuss how best to maintain the files.
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-></DT
-><DD
-><P
->The binary file for the program that initializes the Cache Manager. It must run each time the machine reboots in
- order for the machine to remain an AFS client machine. The program also initializes several daemons that improve Cache
- Manager functioning, such as the process that handles callbacks. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-></DT
-><DD
-><P
->A one-line file that sets the cache's most basic configuration parameters: the local directory at which the
- Cache Manager mounts the AFS filespace, the local disk directory to use as the cache, and how many kilobytes to
- allocate to the cache.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> explains how to create this file as you install a client
- machine. To change the cache size on a machine that uses a memory cache, edit the file and reboot the machine. On a
- machine that uses a disk cache, you can change the cache size without rebooting by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize</B
-></SPAN
-> command. For instructions, see <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache
- Type, Size, and Location</A
->. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-></DT
-><DD
-><P
->This ASCII file names the database server machines in the local cell and in any foreign cell to which you want
- to enable access from this machine. (Database server machines are the machines in a cell that run the Authentication,
- Backup, Protection, and VL Server processes; see <A
-HREF="c3025.html#HDRWQ92"
->Database Server Machines</A
->.)</P
-><P
->The Cache Manager must be able to reach a cell's database server machines to fetch files from its filespace.
- Incorrect or missing information in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file can slow or completely block
- access. It is important to update the file whenever a cell's database server machines change.</P
-><P
->As the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program initializes the Cache Manager, it loads the contents of the
- file into kernel memory. The Cache Manager does not read the file between reboots, so to incorporate changes to the
- file into kernel memory, you must reboot the machine. Alternatively, you can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- newcell</B
-></SPAN
-> command to insert the changes directly into kernel memory without changing the file. It can also be
- convenient to upgrade the file from a central source. For instructions, see <A
-HREF="c21473.html#HDRWQ406"
->Maintaining
- Knowledge of Database Server Machines</A
->.</P
-><P
->(The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file on client machines is not the same as the one kept in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory on server machines, which lists only the local cell's database
- server machines. For instructions on maintaining the server <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file, see
- <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
->). </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetInfo</B
-></SPAN
-></DT
-><DD
-><P
->This optional ASCII file lists one or more of the network interface addresses on the client machine. If it
- exists when the Cache Manager initializes, the Cache Manager uses it as the basis for the list of interfaces that it
- registers with File Servers. See <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetRestrict</B
-></SPAN
-></DT
-><DD
-><P
->This optional ASCII file lists one or more network interface addresses. If it exists when the Cache Manager
- initializes, the Cache Manager removes the specified addresses from the list of interfaces that it registers with File
- Servers. See <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-></DT
-><DD
-><P
->This ASCII file contains a single line that specifies the complete domain-style name of the cell to which the
- machine belongs. Examples are <SAMP
-CLASS="computeroutput"
->abc.com</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->stateu.edu</SAMP
->. This value defines the default cell in which the machine's users become
- authenticated, and in which the command interpreters (for example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> command)
- contact server processes.</P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> explains how to create this file as you install the AFS client
- functionality. To learn about changing a client machine's cell membership, see <A
-HREF="c21473.html#HDRWQ411"
->Setting a
- Client Machine's Cell Membership</A
->.</P
-></DD
-></DL
-></DIV
-></P
-><P
->In addition to these files, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory also sometimes contains the
- following types of files and subdirectories: <UL
-><LI
-><P
->The AFS initialization script, called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs.rc</B
-></SPAN
-> on many system types. In the
- conventional configuration specified by the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
->, it is a symbolic link to the
- actual script kept in the same directory as other initialization files used by the operating system. </P
-></LI
-><LI
-><P
->A subdirectory that houses AFS kernel library files used by a dynamic kernel loading program. </P
-></LI
-><LI
-><P
->A subdirectory called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
->, which houses the Cache Manager catalog file called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afszcm.cat</B
-></SPAN
->. The fstrace program uses the catalog file to translate operation codes into
- character strings, which makes the message in the trace log more readable. See <A
-HREF="c18360.html#HDRWQ342"
->About the
- fstrace Command Suite</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ393"
->Cache-Related Files</A
-></H2
-><P
->A client machine that uses a disk cache must have a local disk directory devoted to the cache. The conventional mount
- point is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
->, but you can use another partition that has more available
- space.</P
-><P
->Do not delete or directly modify any of the files in the cache directory. Doing so can cause a kernel panic, from which
- the only way to recover is to reboot the machine. By default, only the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->
- can read the files directly, by virtue of owning them.</P
-><P
->A client machine that uses a memory cache keeps all of the information stored in these files in machine memory instead.
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CacheItems</B
-></SPAN
-></DT
-><DD
-><P
->A binary-format file in which the Cache Manager tracks the contents of cache chunks (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> files in the directory, described just following), including the file ID number (fID) and the
- data version number. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->VolumeItems</B
-></SPAN
-></DT
-><DD
-><P
->A binary-format file in which the Cache Manager records the mapping between mount points and the volumes from
- which it has fetched data. The Cache Manager uses the information when responding to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pwd</B
-></SPAN
-> command, among others. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Vn</B
-></SPAN
-></DT
-><DD
-><P
->A cache chunk file, which expands to a maximum size (by default, 64 KB) to house data fetched from AFS files.
- The number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files in the cache depends on the cache size among other factors.
- The n is the index assigned to each file; they are numbered sequentially, but the Cache Manager does not necessarily
- use them in order or contiguously. If an AFS file is larger than the maximum size for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files, the Cache Manager divides it across multiple <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n
- files.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ394"
->Determining the Cache Type, Size, and Location</A
-></H1
-><P
->This section explains how to configure a memory or disk cache, how to display and set the size of either type of cache,
- and how to set the location of the cache directory for a disk cache. </P
-><P
->The Cache Manager uses a disk cache by default, and it is the preferred type of caching. To configure a memory cache,
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-memcache</B
-></SPAN
-> flag on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command, which is
- normally invoked in the machine's AFS initialization file. If configured to use a memory cache, the Cache Manager does no disk
- caching, even if the machine has a disk.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_438"
->Choosing the Cache Size</A
-></H2
-><P
->Cache size influences the performance of a client machine more directly than perhaps any other cache parameter. The
- larger the cache, the faster the Cache Manager is likely to deliver files to users. A small cache can impair performance
- because it increases the frequency at which the Cache Manager must discard cached data to make room for newly requested data.
- When an application asks for data that has been discarded, the Cache Manager must request it from the File Server, and
- fetching data across the network is almost always slower than fetching it from the local disk. The Cache Manager never
- discards data from a file that has been modified locally but not yet stored back to the File Server. If the cache is very
- small, the Cache Manager possible cannot find any data to discard. For more information about the algorithm it uses when
- discarding cached data, see <A
-HREF="c21473.html#HDRWQ401"
->How the Cache Manager Chooses Data to Discard</A
->).</P
-><P
->The amount of disk or memory you devote to caching depends on several factors. The amount of space available in memory
- or on the partition housing the disk cache directory imposes an absolute limit. In addition, you cannot allocate more than 95%
- of the space available on the cache directory's partition to a disk cache. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program
- exits without starting the Cache Manager and prints an appropriate message to the standard output stream if you violate this
- restriction. For a memory cache, you must leave enough memory for other processes and applications to run. If you try to
- allocate more memory than is actually available, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program exits without initializing
- the Cache Manager and produces the following message on the standard output stream:</P
-><PRE
-CLASS="programlisting"
-> afsd: memCache allocation failure at number KB
-</PRE
-><P
->where number is how many kilobytes were allocated just before the failure.</P
-><P
->Within these hard limits, the factors that determine appropriate cache size include the number of users working on the
- machine, the size of the files with which they usually work, and (for a memory cache) the number of processes that usually run
- on the machine. The higher the demand from these factors, the larger the cache needs to be to maintain good
- performance.</P
-><P
->Disk caches smaller than 10 MB do not generally perform well. Machines serving multiple users usually perform better
- with a cache of at least 60 to 70 MB. The point at which enlarging the cache further does not really improve performance
- depends on the factors mentioned previously, and is difficult to predict.</P
-><P
->Memory caches smaller than 1 MB are nonfunctional, and the performance of caches smaller than 5 MB is usually
- unsatisfactory. Suitable upper limits are similar to those for disk caches but are probably determined more by the demands on
- memory from other sources on the machine (number of users and processes). Machines running only a few processes possibly can
- use a smaller memory cache.</P
-><P
->AFS imposes an absolute limit on cache size in some versions. See the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release Notes</I
-></SPAN
-> for the
- version you are using.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
-></H2
-><P
->The Cache Manager determines how big to make the cache by reading the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file as it initializes. As directed in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
->, you must create the file before running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program. The file
- also defines the directory on which to mount AFS (by convention, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->), and the local disk
- directory to use for a cache directory.</P
-><P
->To change any of the values in the file, log in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. You must
- reboot the machine to have the new value take effect. For instructions, see <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo
- file</A
->.</P
-><P
->To change the cache size at reboot without editing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file, include the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command; see the command's
- reference page in the IBM AFS Administration Reference.</P
-><P
->For a disk cache, you can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize</B
-></SPAN
-> command to reset the cache size
- without rebooting. The value you set persists until the next reboot, at which time the cache size returns to the value
- specified in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file or by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> argument
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command. For instructions, see <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache
- size without rebooting</A
->.</P
-><P
->To display the current cache size and the amount of space the Cache Manager is using at the moment, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcacheparms</B
-></SPAN
-> command as detailed in <A
-HREF="c21473.html#HDRWQ397"
->To display the current cache
- size</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ396"
->To display the cache size set at reboot</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Use a text editor or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat</B
-></SPAN
-> command to display the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat /usr/vice/etc/cacheinfo</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ397"
->To display the current cache size</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcacheparms</B
-></SPAN
-> command on the client machine. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcacheparms</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getca</B
-></SPAN
-> is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getcacheparms</B
-></SPAN
->.</P
-><P
->The output shows the number of kilobyte blocks the Cache Manager is using as a cache at the moment the command is
- issued, and the current size of the cache. For example:</P
-><PRE
-CLASS="programlisting"
-> AFS using 13709 of the cache's available 15000 1K byte blocks.
-</PRE
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ398"
->To edit the cacheinfo file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Use a text editor to edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file, which has three fields,
- separated by colons: <UL
-><LI
-><P
->The first field names the local directory on which to mount the AFS filespace. The conventional location is
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->The second field defines the local disk directory to use for the disk cache. The conventional location is the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
-> directory, but you can specify an alternate directory if another
- partition has more space available. There must always be a value in this field, but the Cache Manager ignores it if
- the machine uses a memory cache.</P
-></LI
-><LI
-><P
->The third field defines cache size as a number of kilobyte (1024-byte) blocks.</P
-></LI
-></UL
-></P
-><P
->The following example mounts the AFS filespace at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory, names
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
-> as the cache directory, and sets cache size to 50,000 KB:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs:/usr/vice/cache:50000</B
-></SPAN
->
- </PRE
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ399"
->To change the disk cache size without rebooting</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ400"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize</B
-></SPAN
-> command to set a new disk cache
- size.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This command does not work for a memory cache.</P
-></BLOCKQUOTE
-></DIV
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->size in 1K byte blocks (0 =</VAR
->> reset)>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setca</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setcachesize</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->size in 1K byte blocks (0 => reset)</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of kilobyte blocks to be used for the cache. Specify a positive integer (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1024</B
-></SPAN
-> equals 1 MB), or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) to reset the cache size to
- the value specified in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_444"
->To reset the disk cache size to the default without rebooting</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize</B
-></SPAN
-> command to reset the size of the local disk cache (the
- command does not work for a memory cache). Choose one of the two following options: <UL
-><LI
-><P
->To reset the cache size to the value specified in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file,
- specify the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize 0</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->To reset the cache size to the value set at the last reboot of the machine, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reset</B
-></SPAN
-> flag. Unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> argument was used on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command, this is also the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcachesize -reset</B
-></SPAN
->
-</PRE
-></P
-></LI
-></UL
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setca</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setcachesize</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-></DT
-><DD
-><P
->Resets the disk cache size to the value in the third field of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reset</B
-></SPAN
-></DT
-><DD
-><P
->Resets the cache size to the value set at the last reboot.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ401"
->How the Cache Manager Chooses Data to Discard</A
-></H2
-><P
->When the cache is full and application programs request more data from AFS, the Cache Manager must flush out cache
- chunks to make room for the data. The Cache Manager considers two factors: <OL
-TYPE="1"
-><LI
-><P
->How recently an application last accessed the data.</P
-></LI
-><LI
-><P
->Whether the chunk is <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dirty</I
-></SPAN
->. A dirty chunk contains changes to a file that have not yet been
- saved back to the permanent copy stored on a file server machine.</P
-></LI
-></OL
-></P
-><P
->The Cache Manager first checks the least-recently used chunk. If it is not dirty, the Cache Manager discards the data in
- that chunk. If the chunk is dirty, the Cache Manager moves on to check the next least recently used chunk. It continues in
- this manner until it has created a sufficient number of empty chunks.</P
-><P
->Chunks that contain data fetched from a read-only volume are by definition never dirty, so the Cache Manager can always
- discard them. Normally, the Cache Manager can also find chunks of data fetched from read/write volumes that are not dirty, but
- a small cache makes it difficult to find enough eligible data. If the Cache Manager cannot find any data to discard, it must
- return I/O errors to application programs that request more data from AFS. Application programs usually have a means for
- notifying the user of such errors, but not for revealing their cause.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ402"
->Setting Other Cache Parameters with the afsd program</A
-></H1
-><P
->There are only three cache configuration parameters you must set: the mount directory for AFS, the location of the disk
- cache directory, and the cache size. They correspond to the three fields in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file, as discussed in <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size,
- and Location</A
->. However, if you want to experiment with fine-tuning cache performance, you can use the arguments on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command to control several other parameters. This section discusses a few of these
- parameters that have the most direct effect on cache performance. To learn more about the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
->
- command's arguments, see its reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->.</P
-><P
->In addition, the AFS initialization script included in the AFS distribution for each system type includes several
- variables that set several <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> arguments in a way that is suitable for client machines of
- different sizes and usage patterns. For instructions on using the script most effectively, see the section on configuring the
- Cache Manager in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ403"
->Setting Cache Configuration Parameters</A
-></H2
-><P
->The cache configuration parameters with the most direct effect on cache performance include the following: <UL
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->total cache size</I
-></SPAN
->. This is the amount of disk space or machine memory available for caching,
- as discussed in detail in <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->number of cache chunks</I
-></SPAN
->. For a disk cache, each chunk is a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n
- file in the local cache directory (see <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->). For a memory cache, each
- chunk is a set of contiguous blocks allocated in machine memory.</P
-><P
->This parameter does not have as much of an effect on cache performance as total size. However, adjusting it can
- influence how often the Cache Manager must discard cached data to make room for new data. Suppose, for example, that you
- set the disk cache size to 50 MB and the number of chunks (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files) to 1,000. If each
- of the ten users on the machine caches 100 AFS files that average 20 KB in size, then all 1,000 chunks are full (a chunk
- can contain data from only one AFS file) but the cache holds only about 20 MB of data. When a user requests more data
- from the File Server, the Cache Manager must discard cached data to reclaim some chunks, even though the cache is filled
- to less than 50% of its capacity. In such a situation, increasing the number of chunks enables the Cache Manager to
- discard data less often.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->chunk size</I
-></SPAN
->. This parameter determines the maximum amount of data that can fit in a chunk. If
- a cached element is smaller than the chunk size, the remaining space in the chunk is not used (a chunk can hold no more
- than one element). If an element cannot fit in a single chunk, it is split across as many chunks as needed. This
- parameter also determines how much data the Cache Manager requests at a time from the File Server (how much data per
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->fetch RPC</I
-></SPAN
->, because AFS uses partial file transfer).</P
-><P
->The main reason to change chunk size is because of its relation to the amount of data fetched per RPC. If your
- network links are very fast, it can improve performance to increase chunk size; if the network is especially slow, it
- can make sense to decrease chunk size.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->number of dcache entries in memory</I
-></SPAN
->. The Cache Manager maintains one dcache entry for each
- cache chunk, recording a small amount of information, such as the file ID (fID) and version number of the AFS file
- corresponding to the chunk.</P
-><P
->For a disk cache, dcache entries reside in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache/CacheItems</B
-></SPAN
-> file; a
- small number are duplicated in machine memory to speed access.</P
-><P
->For a memory cache, the number of dcache entries equals the number of cache chunks. For a discussion of the
- implications of this correspondence, see <A
-HREF="c21473.html#HDRWQ405"
->Controlling Memory Cache Configuration</A
->.</P
-></LI
-></UL
-></P
-><P
->For a description of how the Cache Manager determines defaults for number of chunks, chunk size, and number of dcache
- entries in a disk cache, see <A
-HREF="c21473.html#HDRWQ404"
->Configuring a Disk Cache</A
->; for a memory cache, see <A
-HREF="c21473.html#HDRWQ405"
->Controlling Memory Cache Configuration</A
->. The instructions also explain how to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command's arguments to override the defaults.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ404"
->Configuring a Disk Cache</A
-></H2
-><P
->The default number of cache chunks (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files) in a disk cache is calculated by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command to be the greatest of the following: <UL
-><LI
-><P
->100</P
-></LI
-><LI
-><P
->1.5 times the result of dividing cache size by chunk size (cachesize/chunksize * 1.5)</P
-></LI
-><LI
-><P
->The result of dividing cachesize by 10 MB (cachesize/10240)</P
-></LI
-></UL
-></P
-><P
->You can override this value by specifying a positive integer with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> argument.
- Consider increasing this value if more than 75% of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files are already used soon after
- the Cache Manager finishes initializing. Consider decreasing it if only a small percentage of the chunks are used at that
- point. In any case, never specify a value less than 100, because a smaller value can cause performance problems.</P
-><P
->The following example sets the number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files to 2,000:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd -files 2000</B
-></SPAN
->
- </PRE
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->It is conventional to place the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command in a machine's AFS initialization file,
- rather than entering it in a command shell. Furthermore, the values specified in this section are examples only, and are not
- necessarily suitable for a specific machine.</P
-></BLOCKQUOTE
-></DIV
-><P
->The default chunk size for a disk cache is 64 KB. In general, the only reason to change it is to adjust to exceptionally
- slow or fast networks; see <A
-HREF="c21473.html#HDRWQ403"
->Setting Cache Configuration Parameters</A
->. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-chunksize</B
-></SPAN
-> argument to override the default. Chunk size must be a power of 2, so provide an integer
- between 0 (zero) and 30 to be used as an exponent of 2. For example, a value of 10 sets chunk size to 1 KB (210 = 1024); a
- value of 16 equals the default for disk caches (216 = 64 KB). Specifying a value of 0 (zero) or greater than 30 returns chunk
- size to the default. Values less than 10 (1 KB) are not recommended. The following example sets chunk size to 16 KB
- (214):</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd -chunksize 14</B
-></SPAN
->
- </PRE
-><P
->For a disk cache, the default number of dcache entries duplicated in memory is one-half the number of chunks specified
- with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> argument, to a maximum of 2,000 entries. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dcache</B
-></SPAN
-> argument to change the default, even exceeding 2,000 if you wish. Duplicating more than half
- the dcache entries in memory is not usually necessary, but sometimes improves performance slightly, because access to memory
- is faster than access to disk. The following example sets the number to 750:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd -dcache 750</B
-></SPAN
->
- </PRE
-><P
->When configuring a disk cache, you can combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command's arguments in any way.
- The main reason for this flexibility is that the setting you specify for disk cache size (in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file or with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> argument) is an absolute maximum
- limit. You cannot override it by specifying higher values for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-chunksize</B
-></SPAN
-> arguments, alone or in combination. A related reason is that the Cache Manager does not have
- to reserve a set amount of memory on disk. <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files (the chunks in a disk cache) are
- initially zero-length, but can expand up to the specified chunk size and shrink again, as needed. If you set the number of
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files to such a large value that expanding all of them to the full allowable size exceeds
- the total cache size, they simply never grow to full size.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ405"
->Controlling Memory Cache Configuration</A
-></H2
-><P
->Configuring a memory cache differs from configuring a disk cache in that not all combinations of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command's arguments are allowed. This limitation results from the greater interaction between the
- configuration parameters in a memory cache than a disk cache. If all combinations are allowed, it is possible to set the
- parameters in an inconsistent way. A list of the acceptable and unacceptable combinations follows a discussion of default
- values.</P
-><P
->The default chunk size for a memory cache is 8 KB. In general, the only reason to change it is to adjust to
- exceptionally slow or fast networks; see <A
-HREF="c21473.html#HDRWQ403"
->Setting Cache Configuration Parameters</A
->.</P
-><P
->There is no predefined default for number of chunks in a memory cache. The Cache Manager instead calculates the correct
- number by dividing the total cache size by the chunk size. Recall that for a memory cache, all dcache entries must be in
- memory. This implies that the number of chunks equals the number of dcache entries in memory, and that there is no default for
- number of dcache entries (like the number of chunks, it is calculated by dividing the total size by the chunk size).</P
-><P
->The following are acceptable combinations of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> command's arguments when
- configuring a memory cache: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> alone, which overrides the cache size specified in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file. The Cache Manager divides the value of this argument by the default
- chunk size of eight KB to calculate the number of chunks and dcache entries. The following example sets cache size to
- five MB (5,120 KB) and the number of chunks to 640 (5,120 divided by 8): <PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd -memcache -blocks 5120</B
-></SPAN
-></PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-chunksize</B
-></SPAN
-> alone, to override the default of eight KB. The chunk size must be a
- power of two, so provide an integer between 0 (zero) and 30 to be used as an exponent of two. For example, a value of
- ten sets chunk size to 1 KB (210 = 1024); a value of 13 equals the default for memory caches (213 = 8 KB). Specifying a
- value of 0 (zero) or greater than 30 returns the chunk size to the default. Values less than ten (equivalent to 1 KB)
- are not recommended. The following example sets the chunk size to four KB (212). Assuming a total cache size of four MB
- (4,096 KB), the resulting number of chunks is 1024. <PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd -memcache -chunksize 12</B
-></SPAN
-></PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-chunksize</B
-></SPAN
-> together override the
- defaults for cache size and chunk size. The Cache Manager divides the first by the second to calculate the number of
- chunks and dcache entries. For example, the following example sets the cache size to six MB (6,144 KB) and chunksize to
- four KB (212), resulting in 1,536 chunks: <PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd -memcache -blocks 6144 -chunksize 12</B
-></SPAN
-></PRE
-></P
-></LI
-></UL
-></P
-><P
->The following arguments or combinations explicitly set the number of chunks and dcache entries. It is best not to use
- them, because they set the cache size indirectly, forcing you to perform a hand calculation to determine the size of the
- cache. Instead, set the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-chunksize</B
-></SPAN
-> arguments
- alone or in combination; in those cases, the Cache Manager determines the number of chunks and dcache entries itself. Because
- the following combinations are not recommended, no examples are included. <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dcache</B
-></SPAN
-> argument alone explicitly sets the number of chunks and dcache
- entries. The Cache Manager multiples this value times the default chunk size of 8 KB to derive the total cache size
- (overriding the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file).</P
-></LI
-><LI
-><P
->The combination of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dcache</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-chunksize</B
-></SPAN
-> sets
- the chunk number and size. The Cache Manager sets the specified values and multiplies them together to obtain total
- cache size (overriding the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cacheinfo</B
-></SPAN
-> file).</P
-></LI
-></UL
-></P
-><P
->Do not use the following arguments for a memory cache: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> alone. This argument controls the number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->n files for a disk cache, but is ignored for a memory cache.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-blocks</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dcache</B
-></SPAN
->. An error message results,
- because it is possible to provide values such that dividing the first (total size) by the second (number of chunks)
- results in a chunk size that is not a power of two.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
-></H1
-><P
->For the users of an AFS client machine to access a cell's AFS filespace and other services, the Cache Manager and other
- client-side agents must have an accurate list of the cell's database server machines. The affected functions include the
- following: <UL
-><LI
-><P
->Accessing files. The Cache Manager contacts the Volume Location (VL) Server to learn which file server machine
- houses the volume containing a requested file or directory. If the Cache Manager cannot contact a cell's VL Servers, it
- cannot fetch files.</P
-></LI
-><LI
-><P
->Authenticating. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> program and AFS-modified login utilities contact the
- Authentication Server to obtain tokens, which the AFS server processes accept as proof that the user is
- authenticated.</P
-></LI
-><LI
-><P
->Creating protection groups. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> command interpreter contacts the Protection
- Server when users create protection groups or request information from the Protection Database.</P
-></LI
-><LI
-><P
->Editing access control lists (ACLs). The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter contacts the File
- Server that maintains the read/write volume containing a file or directory; the location information comes from the VL
- Server.</P
-></LI
-></UL
-></P
-><P
->To enable a machine's users to access a cell, you must list the names and IP addresses of its database server machines in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file on the machine's local disk. In addition to the machine's
- home cell, you can list any foreign cells that you want to enable users to access. (To enable access to a cell's filespace, you
- must also mount its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume in the local AFS filespace; the conventional location is
- just under the AFS root directory, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->. For instructions, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
->.)</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_451"
->How Clients Use the List of Database Server Machines</A
-></H2
-><P
->As the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program runs and initializes the Cache Manager, it reads the contents of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file into kernel memory. The Cache Manager does not consult the file again
- until the machine next reboots. In contrast, the command interpreters for the AFS command suites (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
->) read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file
- each time they need to contact a database server process.</P
-><P
->When a cell's list of database server machines changes, you must change both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file and the list in kernel memory to preserve consistent client performance; some commands
- probably fail if the two lists of machines disagree. One possible method for updating both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file and kernel memory is to edit the file and reboot the machine. To avoid needing to
- reboot, you can instead perform both of the following steps: <OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
-> command to alter the list in kernel memory directly, making
- the changes available to the Cache Manager.</P
-></LI
-><LI
-><P
->Edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file to make the changes available to command interpreters.
- For a description of the file's format, see <A
-HREF="c21473.html#HDRWQ407"
->The Format of the CellServDB file</A
->.</P
-></LI
-></OL
-></P
-><P
->The consequences of missing or incorrect information in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file or kernel
- memory are as follows: <UL
-><LI
-><P
->If there is no entry for a cell, the machine's users cannot access the cell.</P
-></LI
-><LI
-><P
->If a cell's entry does not include a database server machine, then the Cache Manager and command interpreters
- never attempt to contact the machine. The omission does not prevent access to the cell--as long as the information about
- the other database server machines is correct and the server processes, machines, and network are functioning
- correctly--but it can put an undue burden on the machines that are listed. If all of the listed machines become
- inaccessible to clients, then the cell becomes inaccessible even if the omitted database server machine is functioning
- correctly.</P
-></LI
-><LI
-><P
->If a machine's name or address is incorrect, or the machine is not actually running the database server processes,
- then requests from clients time out. Users can experience lengthy delays because they have to wait the full timeout
- period before the Cache Manager or command interpreter contacts another database server machine.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ407"
->The Format of the CellServDB file</A
-></H2
-><P
->When editing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file, you must use the correct format for
- cell and machine entries. Each cell has a separate entry. The first line has the following format:</P
-><PRE
-CLASS="programlisting"
-> >cell_name #organization
-</PRE
-><P
->where cell_name is the cell's complete Internet domain name (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
->) and
- organization is an optional field that follows any number of spaces and the number sign (<SAMP
-CLASS="computeroutput"
->#</SAMP
->)
- and can name the organization to which the cell corresponds (for example, the ABC Corporation). After the first line comes a
- separate line for each database server machine. Each line has the following format:</P
-><PRE
-CLASS="programlisting"
-> IP_address #machine_name
-</PRE
-><P
->where IP_address is the machine's IP address in dotted decimal format (for example, 192.12.105.3). Following any number
- of spaces and the number sign (<SAMP
-CLASS="computeroutput"
->#</SAMP
->) is machine_name, the machine's fully-qualified hostname
- (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->db1.abc.com</B
-></SPAN
->). In this case, the number sign does not indicate a comment:
- machine_name is a required field.</P
-><P
->The order in which the cells appear is not important, but it is convenient to put the client machine's home cell first.
- Do not include any blank lines in the file, not even after the last entry.</P
-><P
->The following example shows entries for two cells, each of which has three database server machines:</P
-><PRE
-CLASS="programlisting"
-> >abc.com #ABC Corporation (home cell)
- 192.12.105.3 #db1.abc.com
- 192.12.105.4 #db2.abc.com
- 192.12.105.55 #db3.abc.com
- >stateu.edu #State University cell
- 138.255.68.93 #serverA.stateu.edu
- 138.255.68.72 #serverB.stateu.edu
- 138.255.33.154 #serverC.stateu.edu
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ408"
->Maintaining the Client CellServDB File</A
-></H2
-><P
->Because a correct entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file is vital for consistent client
- performance, you must also update the file on each client machine whenever a cell's list of database server machines changes
- (for instance, when you follow the instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> to add or remove a
- database server machine). To facilitate the client updates, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program,
- which copies files from a central source in AFS to the local disk of client machines. It is conventional to invoke the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program in a client machine's AFS initialization file so that it runs as the machine
- reboots, but you can also issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command at any time. For instructions, see <A
-HREF="c23832.html#HDRWQ448"
->Running the package program</A
->.</P
-><P
->If you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program, the conventional location for your cell's central
- source <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cell_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/etc/CellServDB</B
-></SPAN
->, where cell_name is your cell name. </P
-><P
->Creating a symbolic or hard link from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> to a central source file
- in AFS is not a viable option. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program reads the file into kernel memory before the
- Cache Manager is completely initialized and able to access AFS.</P
-><P
->Because every client machine has its own copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file, you can in theory
- make the set of accessible cells differ on various machines. In most cases, however, it is best to maintain consistency
- between the files on all client machines in the cell: differences between machines are particularly confusing if users
- commonly use a variety of machines rather than just one.</P
-><P
->The AFS Product Support group maintains a central <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file that includes all
- cells that have agreed to make their database server machines access to other AFS cells. It is advisable to check this file
- periodically for updated information. See <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->. </P
-><P
->An entry in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> is one of the two requirements for accessing a cell.
- The other is that the cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume is mounted in the local filespace, by
- convention as a subdirectory of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. For instructions, see <A
-HREF="c8420.html#HDRWQ213"
->To create a cellular mount point</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file on a client machine is not the same as the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/CellServDB</B
-></SPAN
-> file on the local disk of a file server machine. The server version
- lists only the database server machines in the server machine's home cell, because server processes never need to contact
- foreign cells. It is important to update both types of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file on all machines in
- the cell whenever there is a change to your cell's database server machines. For more information about maintaining the
- server version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file, see <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server
- CellServDB File</A
->.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_454"
->To display the /usr/vice/etc/CellServDB file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Use a text editor or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat</B
-></SPAN
-> command to display the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file. By default, the mode bits on the file permit anyone to read it.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat /usr/vice/etc/CellServDB</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_455"
->To display the list of database server machines in kernel memory</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listcells</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listcells [&]</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listc</B
-></SPAN
-> is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listcells</B
-></SPAN
->.</P
-><P
->To have your shell prompt return immediately, include the ampersand (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->&</B
-></SPAN
->), which
- makes the command run in the background. It can take a while to generate the complete output because the kernel stores
- database server machines' IP addresses only, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter has the
- cell's name resolution service (such as the Domain Name Service or a local host table) translate them into hostnames. You
- can halt the command at any time by issuing an interrupt signal such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->.</P
-><P
->The output includes a single line for each cell, in the following format:</P
-><PRE
-CLASS="programlisting"
-> Cell cell_name on hosts list_of_hostnames.
-</PRE
-><P
->The name service sometimes returns hostnames in uppercase letters, and if it cannot resolve a name at all, it
- returns its IP address. The following example illustrates all three possibilities:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listcells</B
-></SPAN
->
- .
- .
- Cell abc.com on hosts db1.abc.com db2.abc.com db3.abc.com
- Cell stateu.edu on hosts SERVERA.STATEU.EDU SERVERB.STATEU.EDU
- SERVERC.STATEU.EDU
- Cell ghi.org on hosts 191.255.64.111 191.255.64.112
- .
- .
-</PRE
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_456"
->To change the list of a cell's database server machines in kernel memory</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If you a use a central copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file as a source for client machines,
- verify that its directory's ACL grants you the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) permissions. The conventional directory is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cell_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/etc</B
-></SPAN
->. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-> </P
-></LI
-><LI
-><P
-><A
-NAME="LINEWCELL"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
-> command to add or change a cell's
- entry in kernel memory. Repeat the command for each cell.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->You cannot use this command to remove a cell's entry completely from kernel memory. In the rare cases when you
- urgently need to prevent access to a specific cell, you must edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file
- and reboot the machine.</P
-></BLOCKQUOTE
-></DIV
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell name</VAR
->> <<VAR
-CLASS="replaceable"
->primary servers</VAR
->>+ \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-linkedcell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->linked cell name</VAR
->>]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->n</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->newcell</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cell name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete Internet domain name of the cell for which to record a new list of database server
- machines.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->primary servers</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the fully-qualified hostname or IP address in dotted-decimal format for each database server
- machine in the cell. The list you provide completely replaces the existing list.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-linkedcell</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete Internet domain name of the AFS cell to link to a DCE cell for the purposes of DFS
- fileset location. You can use this argument if the machine's AFS users access DFS via the AFS/DFS Migration
- Toolkit Protocol Translator. For instructions, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS/DFS Migration Toolkit Administration
- Guide and Reference</I
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Add or edit the cell's entry in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file, using one
- of the following three methods. In each case, be sure to obey the formatting requirements described in <A
-HREF="c21473.html#HDRWQ407"
->The Format of the CellServDB file</A
->. <UL
-><LI
-><P
->If you maintain a central source version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file and use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program, first use a text editor to alter the central copy of the file.
- Then issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command to transfer the contents of the file to the local
- machine. For complete instructions, see <A
-HREF="c23832.html#HDRWQ448"
->Running the package program</A
->.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/package -v -c</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of package file</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If you maintain a central source <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file but do not use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program, first use a text editor to alter the central copy of the file. Then use a
- copying command such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cp</B
-></SPAN
-> command to copy it to the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file.</P
-></LI
-><LI
-><P
->If you do not use a central source <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file, edit the local machine's
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file directly.</P
-></LI
-></UL
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
-></H1
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->setuid program</I
-></SPAN
-> is one whose binary file has the UNIX setuid mode bit turned on. While a setuid
- program runs, the user who initialized it assumes the local identity (UNIX UID) of the binary file's owner, and so is granted
- the permissions in the local file system that pertain to the owner. Most commonly, the issuer's assumed identity (often referred
- to as <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->effective UID</I
-></SPAN
->) is the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.</P
-><P
->AFS does not recognize effective UID: if a setuid program accesses AFS files and directories, it uses the current AFS
- identity of the user who initialized the program, not of the program's owner. Nevertheless, it can be useful to store setuid
- programs in AFS for use on more than one client machine. AFS enables a client machine's administrator to determine whether the
- local Cache Manager allows setuid programs to run or not.</P
-><P
->By default, the Cache Manager allows programs from its home cell to run with setuid permission, but denies setuid
- permission to programs from foreign cells. A program belongs to the same cell as the file server machine that houses the volume
- in which the file resides, as specified in the file server machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/ThisCell</B
-></SPAN
->
- file. The Cache Manager determines its own home cell by reading the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file
- at initialization.</P
-><P
->To change a cell's setuid status with respect to the local machine, become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> command. To determine a cell's current
- setuid status, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcellstatus</B
-></SPAN
-> command.</P
-><P
->When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> command, you directly alter a cell's setuid status as
- recorded in kernel memory, so rebooting the machine is not necessary. However, nondefault settings do not persist across reboots
- of the machine unless you add the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> command to the machine's AFS
- initialization file.</P
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can turn on the setuid mode bit on an AFS
- file or directory. When the setuid mode bit is turned on, the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command displays the
- third user mode bit as an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-> instead of an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->x</B
-></SPAN
->, but for an AFS
- file or directory, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-> appears only if setuid permission is enabled for the cell in which the
- file resides. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_458"
->To determine a cell's setuid status</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcellstatus</B
-></SPAN
-> command to check the setuid status of each desired cell.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getcellstatus</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getce</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getcellstatus</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cell name</B
-></SPAN
-></DT
-><DD
-><P
->Names each cell for which to report setuid status. Provide the complete Internet domain name or a shortened
- form that distinguishes it from the other cells listed in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output reports the setuid status of each cell: <UL
-><LI
-><P
->the string <SAMP
-CLASS="computeroutput"
->no setuid allowed</SAMP
-> indicates that the Cache Manager does not allow
- programs from the cell to run with <SAMP
-CLASS="computeroutput"
->setuid permission</SAMP
-></P
-></LI
-><LI
-><P
->setuid allowed indicates that the Cache Manager allows programs from the cell to run with setuid permission</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_459"
->To change a cell's setuid status</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> command to change the setuid status of the cell.
- <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-suid</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-nosuid</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setce</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setcell</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cell name</B
-></SPAN
-></DT
-><DD
-><P
->Names each cell for which to change setuid status as specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-suid</B
-></SPAN
->
- or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-nosuid</B
-></SPAN
-> flag. Provide each cell's complete Internet domain name or a shortened
- form that distinguishes it from the other cells listed in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-suid</B
-></SPAN
-></DT
-><DD
-><P
->Enables programs from each specified cell to execute with setuid permission. Provide this flag or the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-nosuid</B
-></SPAN
-> flag, or omit both to disable setuid permission for each cell.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-nosuid</B
-></SPAN
-></DT
-><DD
-><P
->Prevents programs from each specified cell from executing with setuid permission. Provide this flag or the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-suid</B
-></SPAN
-> flag, or omit both to disable setuid permission for each cell.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ410"
->Setting the File Server Probe Interval</A
-></H1
-><P
->The Cache Manager periodically sends a probe to server machines to verify that they are still accessible. Specifically, it
- probes the database server machines in its cell and those file servers that house data it has cached.</P
-><P
->If a server process does not respond to a probe, the client machine assumes that it is inaccessible. By default, the
- interval between probes is three minutes, so it can take up to three minutes for a client to recognize that a server process is
- once again accessible after it was inaccessible.</P
-><P
->To adjust the probe interval, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-interval</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command while logged in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. The
- new interval setting persists until you again issue the command or reboot the machine, at which time the setting returns to the
- default. To preserve a nondefault setting across reboots, include the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- checkservers</B
-></SPAN
-> command in the machine's AFS initialization file.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_461"
->To set a client's file server probe interval</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-interval</B
-></SPAN
-> argument. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers -interval</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->seconds between probes</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->checks</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->checkservers</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-interval</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the number of seconds between probes. Provide an integer value greater than zero.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ411"
->Setting a Client Machine's Cell Membership</A
-></H1
-><P
->Each client machine belongs to a particular cell, as named in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
->
- on its local disk. The machine's cell membership determines three defaults important to users of the machine: <UL
-><LI
-><P
->The cell for which users of the machine obtain tokens (authenticate) when they use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->login</B
-></SPAN
-> program or issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command. There are two effects:
- <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> program and AFS-modified login utilities contact an Authentication
- Server in the cell named in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> program and AFS-modified login utilities combine the contents of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file with the password that the user provides, generating an encryption
- key from the combination. The user's entry in the Authentication Database includes an encryption key also generated
- from the combination of password and cell name. If the cell name in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
->
- file is incorrect, users cannot authenticate even if they provide the correct password.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->The cell the Cache Manager considers its local, or home, cell. The Cache Manager allows programs from its local cell
- to run with setuid permission, but not programs from foreign cells, as discussed further in <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
->.</P
-></LI
-><LI
-><P
->The default database server machines that are contacted by the AFS command interpreters running on this
- machine.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_463"
->To display a client machine's cell membership</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Use a text editor or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat</B
-></SPAN
-> command to display the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat /usr/vice/etc/ThisCell</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_464"
->To set a client machine's cell membership</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Using a text editor, replace the cell name in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
->
- file.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional.)</B
-></SPAN
-> Reboot the machine to enable the Cache Manager to use the new cell name
- immediately; the appropriate command depends on the machine's system type. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- program, AFS-modified login utilities, and the AFS command interpreters use the new cell name the next time they are
- invoked; no reboot is necessary. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sync</B
-></SPAN
->
- # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->shutdown</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ412"
->Forcing the Update of Cached Data</A
-></H1
-><P
->AFS's callback mechanism normally guarantees that the Cache Manager provides the most current version of a file or
- directory to the application programs running on its machine. However, you can force the Cache Manager to discard (flush) cached
- data so that the next time an application program requests it, the Cache Manager fetches the latest version available at the
- File Server.</P
-><P
->You can control how many file system elements to flush at a time: <UL
-><LI
-><P
->To flush only specific files or directories, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flush</B
-></SPAN
-> command. This command
- forces the Cache Manager to discard the data and status information it has cached from the specified files or directories.
- It does not discard information from an application program's buffer or information that has been altered locally (changes
- made in the cache but not yet saved permanently to the File Server). However, the next time an application requests the
- element's data or status information, the Cache Manager has to contact the File Server to get it.</P
-></LI
-><LI
-><P
->To flush everything cached from a certain volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushvolume</B
-></SPAN
-> command.
- This command works like the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flush</B
-></SPAN
-> command, but differs in two ways: <UL
-><LI
-><P
->The Cache Manager discards data for all elements in the cache that come from the same volume as the specified
- files or directories.</P
-></LI
-><LI
-><P
->The Cache Manager discards only data, not status information. This difference has little practical effect, but
- can lead to different output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command when the two different commands
- are used to flush the same element.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-><P
->In addition to callbacks, the Cache Manager has a mechanism for tracking other kinds of possible changes, such as changes
- in a volume's location. If a volume moves and the Cache Manager has not accessed any data in it for a long time, the Cache
- Manager's volume location record can be wrong. To resynchronize it, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkvolumes</B
-></SPAN
->
- command. When you issue the command, the Cache Manager creates a new table of mappings between volume names, ID numbers, and
- locations. This forces the Cache Manager to reference newly relocated and renamed volumes before it can provide data from
- them.</P
-><P
->It is also possible for information about mount points to become corrupted in the cache. Symptoms of a corrupted mount
- point included garbled output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command, and failed attempts to change
- directory to or list the contents of a mount point. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushmount</B
-></SPAN
-> command to discard a
- corrupted mount point. The Cache Manager must refetch the mount point the next time it crosses it in a pathname. (The Cache
- Manager periodically refreshes cached mount points, but the only other way to discard them immediately is to reinitialize the
- Cache Manager by rebooting the machine. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_466"
->To flush certain files or directories</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flush</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flush</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->flush</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names each file or directory structure to flush from the cache. Omit this argument to flush the current
- working directory. Flushing a directory structure does not flush any files or subdirectories cached from
- it.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_467"
->To flush all data from a volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushvolume</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushvolume</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->flushv</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->flushvolume</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a file or directory from each volume to flush from the cache. The Cache Manager flushes everything in
- the cache that it has fetched from the same volume. Omit this argument to flush all cached data fetched from the
- volume that contains the current working directory.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_468"
->To force the Cache Manager to notice other volume changes</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkvolumes</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkvolumes</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->checkv</B
-></SPAN
-> is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->checkvolumes</B
-></SPAN
->.</P
-></LI
-></OL
-><P
->The following command confirms that the command completed successfully:</P
-><PRE
-CLASS="programlisting"
-> All volumeID/name mappings checked.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ413"
->To flush one or more mount points</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushmount</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flush</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->flushm</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->flushmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names each mount point to flush from the cache. Omit this argument to flush the current working directory.
- Files or subdirectories cached from the associated volume are unaffected.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ414"
->Maintaining Server Preference Ranks</A
-></H1
-><P
->As mentioned in the introduction to this chapter, AFS uses client-side data caching and callbacks to reduce the amount of
- network traffic in your cell. The Cache Manager also tries to make its use of the network as efficient as possible by assigning
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->preference ranks</I
-></SPAN
-> to server machines based on their network proximity to the local machine. The ranks bias
- the Cache Manager to fetch information from the server machines that are on its own subnetwork or network rather than on other
- networks, if possible. Reducing the network distance that data travels between client and server machine tends to reduce network
- traffic and speed the Cache Manager's delivery of data to applications.</P
-><P
->The Cache Manager stores two separate sets of preference ranks in kernel memory. The first set of ranks applies to
- machines that run the Volume Location (VL) Server process, hereafter referred to as <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->VL Server machines</I
-></SPAN
->. The
- second set of ranks applies to machines that run the File Server process, hereafter referred to as <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->file server
- machines</I
-></SPAN
->. This section explains how the Cache Manager sets default ranks, how to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setserverprefs</B
-></SPAN
-> command to change the defaults or set new ranks, and how to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- getserverprefs</B
-></SPAN
-> command to display the current set of ranks.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_471"
->How the Cache Manager Sets Default Ranks</A
-></H2
-><P
->As the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program initializes the Cache Manager, it assigns a preference rank of
- 10,000 to each of the VL Server machines listed in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file.
- It then randomizes the ranks by adding an integer randomly chosen from the range 0 (zero) to 126. It avoids assigning the same
- rank to machines in one cell, but it is possible for machines from different cells to have the same rank. This does not
- present a problem in use, because the Cache Manager compares the ranks of only one cell's database server machines at a time.
- Although AFS supports the use of multihomed database server machines, the Cache Manager only uses the single address listed
- for each database server machine in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file. Only Ubik can
- take advantage of a multihomed database server machine's multiple interfaces.</P
-><P
->The Cache Manager assigns preference ranks to a file server machine when it obtains the server's VLDB record from the VL
- Server, the first time that it accesses a volume that resides on the machine. If the machine is multihomed, the Cache Manager
- assigns a distinct rank to each of its interfaces (up to the number of interfaces that the VLDB can store for each machine,
- which is specified in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release Notes</I
-></SPAN
->). The Cache Manager compares the interface's IP address
- to the local machine's address and applies the following algorithm: <UL
-><LI
-><P
->If the local machine is a file server machine, the base rank for each of its interfaces is 5,000.</P
-></LI
-><LI
-><P
->If the file server machine interface is on the same subnetwork as the local machine, its base rank is
- 20,000.</P
-></LI
-><LI
-><P
->If the file server machine interface is on the same network as the local machine, or is at the distant end of a
- point-to-point link with the local machine, its base rank is 30,000.</P
-></LI
-><LI
-><P
->If the file server machine interface is on a different network than the local machine, or the Cache Manager cannot
- obtain network information about it, its base rank is 40,000.</P
-></LI
-></UL
-></P
-><P
->If the client machine has only one interface, the Cache Manager compares it to the server interface's IP address and
- sets a rank according to the algorithm. If the client machine is multihomed, the Cache Manager compares each of the local
- interface addresses to the server interface, and assigns to the server interface the lowest rank that results from comparing
- it to all of the client interfaces.</P
-><P
->After assigning a base rank to a file server machine interface, the Cache Manager adds to it a number randomly chosen
- from the range 0 (zero) to 15. As an example, a file server machine interface in the same subnetwork as the local machine
- receives a base rank of 20,000, but the Cache Manager records the actual rank as an integer between 20,000 and 20,015. This
- process reduces the number of interfaces that have exactly the same rank. As with VL Server machine ranks, it is possible for
- file server machine interfaces from foreign cells to have the same rank as interfaces in the local cell, but this does not
- present a problem. Only the relative ranks of the interfaces that house a specific volume are relevant, and AFS supports
- storage of a volume in only one cell at a time.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_472"
->How the Cache Manager Uses Preference Ranks</A
-></H2
-><P
->Each preference rank pairs an interface's IP address with an integer that can range from 1 to 65,534. A lower rank
- (lower number) indicates a stronger preference. Once set, a rank persists until the machine reboots, or until you use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
-> command to change it.</P
-><P
->The Cache Manager uses VL Server machine ranks when it needs to fetch volume location information from a cell. It
- compares the ranks for the cell's VL Server machines and attempts to contact the VL Server process on the machine with the
- best (lowest integer) rank. If it cannot reach that VL Server, it tries to contact the VL Server with the next best rank, and
- so on. If all of a cell's VL Server machines are inaccessible, the Cache Manager cannot fetch data from the cell.</P
-><P
->Similarly, when the Cache Manager needs to fetch data from a volume, it compares the ranks for the interfaces of
- machines that house the volume, and attempts to contact the interface that has the best rank. If it cannot reach the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fileserver</B
-></SPAN
-> process via that interface, it tries to contact the interface with the next best integer
- rank, and so on. If it cannot reach any of the interfaces for machines that house the volume, it cannot fetch data from the
- volume.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_473"
->Displaying and Setting Preference Ranks</A
-></H2
-><P
->To display the file server machine ranks that the Cache Manager is using, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- getserverprefs</B
-></SPAN
-> command. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-> flag to display VL Server machine
- ranks instead. By default, the output appears on the standard output stream (stdout), but you can write it to a file instead
- by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument.</P
-><P
->The Cache Manager stores IP addresses rather than hostnames in its kernel list of ranks, but by default the output
- identifies interfaces by hostname after calling a translation routine that refers to either the cell's name service (such as
- the Domain Name Server) or the local host table. If an IP address appears in this case, it is because the translation attempt
- failed. To bypass the translation step and display IP addresses rather than hostnames, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
-> flag. This can significantly speed up the output.</P
-><P
->You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
-> command to reset an existing preference rank, or to
- set the initial rank of a file server machine interface or VL Server machine for which the Cache Manager has no rank. The
- ranks you set persist until the machine reboots or until you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
->
- command again. To make a rank persist across a reboot, place the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setserverprefs</B
-></SPAN
-> command in the machine's AFS initialization file.</P
-><P
->As with default ranks, the Cache Manager adds a randomly chosen integer to each rank range that you assign. For file
- server machine interfaces, the randomizing number is from the range 0 (zero) to 15; for VL Server machines, it is from the
- range 0 (zero) to 126. For example, if you assign a rank of 15,000 to a file server machine interface, the Cache Manager
- stores an integer between 15,000 to 15,015.</P
-><P
->To assign VL Server machine ranks, list them after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlserver</B
-></SPAN
-> argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
-> command.</P
-><P
->To assign file server machine ranks, use or more of the three possible methods: <OL
-TYPE="1"
-><LI
-><P
->List them after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
-> argument on the command line.</P
-></LI
-><LI
-><P
->Record them in a file and name it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument. You can easily
- generate a file with the proper format by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->Provide them via the standard input stream, by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-stdin</B
-></SPAN
-> flag. This
- enables you to feed in values directly from a command or script that generates preferences using an algorithm
- appropriate for your cell. It must generate them in the proper format, with one or more spaces between each pair and
- between the two parts of the pair. The AFS distribution does not include such a script, so you must write one if you
- want to use this method.</P
-></LI
-></OL
-></P
-><P
->You can combine any of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
->, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-stdin</B
-></SPAN
-> options on the same command line if you wish. If more than one of them specifies a
- rank for the same interface, the one assigned with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
-> argument takes precedence.
- You can also provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-> argument on the same command line to set VL Server
- machine ranks at the same time as file server machine ranks.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter does not verify hostnames or IP addresses, and so willingly
- stores ranks for hostnames and addresses that don't actually exist. The Cache Manager never uses such ranks unless the same
- VLDB record for a server machine records the same incorrect information. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_474"
->To display server preference ranks</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> command to display the Cache Manager's preference ranks
- for file server machines or VL Server machines. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->output to named file</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->gp</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getserverprefs</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->gets</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of the file to which to write the list of ranks. Omit this argument to display the
- list on the standard output stream (stdout).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
-></DT
-><DD
-><P
->Displays the IP address, rather than the hostname, of each ranked machine interface. Omit this flag to have
- the addresses translated into hostnames, which takes longer.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-></DT
-><DD
-><P
->Displays ranks for VL Server machines rather than file server machines.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following example displays file server machine ranks. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
-> flag is not
- used, so the appearance of an IP address indicates that is not currently possible to translate it to a hostname.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs gp</B
-></SPAN
->
- fs5.abc.com 20000
- fs1.abc.com 30014
- server1.stateu.edu 40011
- fs3.abc.com 20001
- fs4.abc.com 30001
- 192.12.106.120 40002
- 192.12.106.119 40001
- . . . . . . .
-</PRE
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_475"
->To set server preference ranks</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
-> command to set the Cache Manager's preference ranks for
- one or more file server machines or VL Server machines. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setserverprefs</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->fileserver names and ranks</VAR
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->VL server names and ranks</VAR
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->input from named file</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-stdin</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sp</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setserverprefs</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sets</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more pairs of file server machine interface and rank. Identify each interface by its
- fully-qualified hostname or IP address in dotted decimal format. Acceptable ranks are the integers from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->65534</B
-></SPAN
->. Separate the parts of a pair, and the pairs
- from one another, with one or more spaces.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more pairs of VL Server machine and rank. Identify each machine by its fully-qualified
- hostname or IP address in dotted decimal format. Acceptable ranks are the integers from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->65534</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of a file that contains one more pairs of file server machine interface and rank.
- Place each pair on its own line in the file. Use the same format for interfaces and ranks as with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-stdin</B
-></SPAN
-></DT
-><DD
-><P
->Indicates that pairs of file server machine interface and rank are being provided via the standard input
- stream (stdin). The program or script that generates the pairs must format them in the same manner as for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-servers</B
-></SPAN
-> argument.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ415"
->Managing Multihomed Client Machines</A
-></H1
-><P
->The File Server can choose the interface to which to send a message when it initiates communication with the Cache Manager
- on a multihomed client machine (one with more than one network interface and IP address). If that interface is inaccessible, it
- automatically switches to an alternate. This improves AFS performance, because it means that the outage of an interface does not
- interrupt communication between File Server and Cache Manager.</P
-><P
->The File Server can choose the client interface when it sends two types of messages: <UL
-><LI
-><P
->A message to break the callback that the Cache Manager holds on a cached file</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->ping</I
-></SPAN
-> message to check that the Cache Manager is still accessible and responding; the File
- Server sends such a message every few minutes</P
-></LI
-></UL
-></P
-><P
->(The File Server does not choose which client interface to respond to when filling a Cache Manager's request for AFS data.
- In that case, it always responds to the client interface via which the Cache Manager sent the request.)</P
-><P
->The Cache Manager compiles the list of eligible interfaces on its client machine automatically as it initializes, and
- records them in kernel memory. When the Cache Manager first establishes a connection with the File Server, it sends along the
- list of interface addresses. The File Server records the addresses, and uses the one at the top of the list when it needs to
- break a callback or send a ping to the Cache Manager. If that interface is inaccessible, the File Server simultaneously sends a
- message to all of the other interfaces in the list. Whichever interface replies first is the one to which the File Server sends
- future messages.</P
-><P
->You can control which addresses the Cache Manager registers with File Servers by listing them in two files in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on the client machine's local disk: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetInfo</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetRestrict</B
-></SPAN
->. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetInfo</B
-></SPAN
->
- file exists when the Cache Manager initializes, the Cache Manager uses its contents as the basis for the list of interfaces.
- Otherwise, the Cache Manager uses the list of interfaces configured with the operating system. It then removes from the list any
- addresses that appear in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/NetRestrict</B
-></SPAN
-> file, if it exists. The Cache Manager
- records the resulting list in kernel memory.</P
-><P
->You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> command to change the list of addresses stored in
- the Cache Manager's kernel memory, without rebooting the client machine. The list of addresses you provide on the command line
- completely replaces the current list in kernel memory. The changes you make persist only until the client machine reboots,
- however. To preserve the revised list across reboots, list the interfaces in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetInfo</B
-></SPAN
-> file
- (and if appropriate, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetRestrict</B
-></SPAN
-> file) in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory. (You can also place the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setclientaddrs</B
-></SPAN
-> command in the machine's AFS initialization script, but that is less efficient: by the time the Cache
- Manager reads the command in the script, it has already compiled a list of interfaces.)</P
-><P
->To display the list of addresses that the Cache Manager is currently registering with File Servers, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getclientaddrs</B
-></SPAN
-> command.</P
-><P
->Keep the following in mind when you change the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetInfo</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetRestrict</B
-></SPAN
-> file, or issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getclientaddrs</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> commands: <UL
-><LI
-><P
->When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> command, the revised list of addresses does
- not propagate automatically to File Servers with which the Cache Manager has already established a connection. They
- continue to use the list that the Cache Manager registered with them when it first established a connection. To force
- previously contacted File Servers to use the revised list, you must either reboot each file server machine, or reboot the
- client machine after changing its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetInfo</B
-></SPAN
-> file, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NetRestrict</B
-></SPAN
-> file, or both.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter verifies that each of the addresses you specify on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> command line is actually configured with the client machine's operating
- system. If it is not, the command fails with an error message that marks the address as a <SAMP
-CLASS="computeroutput"
->Nonexistent
- interface</SAMP
->.</P
-></LI
-><LI
-><P
->As previously noted, the File Server does not use the registered list of addresses when it responds to the Cache
- Manager's request for data (as opposed to initiating communication itself). It always attempts to send its reply to the
- interface from which the Cache Manager sent the request. If the reply attempt fails, the File Server selects an alternate
- route for resending the reply according to its server machine's network routing configuration, not the list of addresses
- registered by the Cache Manager.</P
-></LI
-><LI
-><P
->The Cache Manager does not use the list of interfaces when choosing the interface via which to establish a
- connection to a File Server.</P
-></LI
-><LI
-><P
->The list of addresses that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getclientaddrs</B
-></SPAN
-> command displays is not
- necessarily the one that a specific File Server is using, if an administrator has issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setclientaddrs</B
-></SPAN
-> command since the Cache Manager first contacted that File Server. It determines only which
- addresses the Cache Manager registers when connecting to File Servers in future.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_477"
->To create or edit the client NetInfo file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Using a text editor, open the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/NetInfo</B
-></SPAN
-> file. Place one IP address in
- dotted decimal format (for example, <SAMP
-CLASS="computeroutput"
->192.12.107.33</SAMP
->) on each line. On the first line, put
- the address that you want each File Server to use initially. The order of the remaining machines does not matter, because
- if an RPC to the first interface fails, the File Server simultaneously sends RPCs to all of the other interfaces in the
- list. Whichever interface replies first is the one to which the File Server then sends pings and RPCs to break
- callbacks.</P
-></LI
-><LI
-><P
->If you want the Cache Manager to start using the revised list immediately, either reboot the machine, or use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> command to create the same list of addresses in kernel memory
- directly.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_478"
->To create or edit the client NetRestrict file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Using a text editor, open the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/NetRestrict</B
-></SPAN
-> file. Place one IP address
- in dotted decimal format on each line. The order of the addresses is not significant. Use the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->255</B
-></SPAN
-> as a wildcard that represents all possible addresses in that field. For example, the entry
- <SAMP
-CLASS="computeroutput"
->192.12.105.255</SAMP
-> indicates that the Cache Manager does not register any of the addresses in
- the 192.12.105 subnet.</P
-></LI
-><LI
-><P
->If you want the Cache Manager to start using the revised list immediately, either reboot the machine, or use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> command to set a list of addresses that does not included the
- prohibited ones.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_479"
->To display the list of addresses from kernel memory</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getclientaddrs</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getclientaddrs</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->gc</B
-></SPAN
-> is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getclientaddrs</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getcl</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></LI
-></OL
-><P
->The output lists each IP address on its own line, in dotted decimal format. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_480"
->To set the list of addresses in kernel memory</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> command to replace the list of addresses currently in
- kernel memory with a new list. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setclientaddrs</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-address</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->client network interfaces</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sc</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setclientaddrs</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setcl</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-address</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more IP addresses in dotted decimal format (hostnames are not acceptable). Separate each
- address with one or more spaces.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
-></H1
-><P
->By default, the Cache Manager generates two types of warning and informational messages: <UL
-><LI
-><P
->It sends <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->user messages</I
-></SPAN
->, which provide user-level status and warning information, to user
- screens.</P
-></LI
-><LI
-><P
->It sends <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->console messages</I
-></SPAN
->, which provide system-level status and warning information, to the
- client machine's designated console.</P
-></LI
-></UL
-></P
-><P
->You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs messages</B
-></SPAN
-> command to control whether the Cache Manager displays either
- type of message, both types, or neither. It is best not to disable messages completely, because they provide useful
- information.</P
-><P
->If you want to monitor Cache Manager status and performance more actively, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> program to collect an extensive set of statistics (it also gathers File Server statistics). If
- you experience performance problems, you can use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstrace</B
-></SPAN
-> suite of commands to gather a
- low-level trace of Cache Manager operations, which the AFS Support and Development groups can analyze to help solve your
- problem. To learn about both utilities, see <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_482"
->To control the display of warning and status messages</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs messages</B
-></SPAN
-> command, using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-show</B
-></SPAN
->
- argument to specify the type of messages to be displayed. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs messages -show</B
-></SPAN
-> <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
->|<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->console</B
-></SPAN
->|<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
->|<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->me</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->messages</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-show</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the types of messages to display. Choose one of the following values: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
-></DT
-><DD
-><P
->Sends user messages to user screens.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->console</B
-></SPAN
-></DT
-><DD
-><P
->Sends console messages to the console.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-></DT
-><DD
-><P
->Sends user messages to user screens and console messages to the console (the default if the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-show</B
-></SPAN
-> argument is omitted).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-></DT
-><DD
-><P
->Disables messages completely.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ417"
->Displaying and Setting the System Type Name</A
-></H1
-><P
->The Cache Manager stores the system type name of the local client machine in kernel memory. It reads in the default value
- from a hardcoded definition in the AFS client software.</P
-><P
->The Cache Manager uses the system name as a substitute for the @sys variable in AFS pathnames. The variable is useful when
- creating a symbolic link from the local disk to an AFS directory that houses binaries for the client machine's system type.
- Because the @sys variable automatically steers the Cache Manager to the appropriate directory, you can create the same symbolic
- link on client machines of different system types. (You can even automate the creation operation by using the package utility
- described in <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
->.) The link also remains valid
- when you upgrade the machine to a new system type.</P
-><P
->Configuration is simplest if you use the system type names that AFS assigns. For a list, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release
- Notes</I
-></SPAN
->.</P
-><P
->To display the system name stored in kernel memory, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sys</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> command. To change the name, add the latter command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newsys</B
-></SPAN
->
- argument. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_484"
->To display the system type name</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sys</B
-></SPAN
-> command.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sys</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-><P
->The output of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> command has the following format:</P
-><PRE
-CLASS="programlisting"
-> Current sysname is 'system_name'
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sys</B
-></SPAN
-> command displays the system_name string with no other text.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_485"
->To change the system type name</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> command, using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newsys</B
-></SPAN
->
- argument to specify the new name. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->new sysname</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sys</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sysname</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new sysname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the new system type name.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ418"
->Enabling Asynchronous Writes</A
-></H1
-><P
->By default, the Cache Manager writes all data to the File Server immediately and synchronously when an application program
- closes a file. That is, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> system call does not return until the Cache Manager has
- actually written all of the cached data from the file back to the File Server. You can enable the Cache Manager to write files
- asynchronously by specifying the number of kilobytes of a file that can remain to be written to the File Server when the Cache
- Manager returns control to the application.</P
-><P
->Enabling asynchronous writes can be helpful to users who commonly work with very large files, because it usually means
- that the application appears to perform faster. However, it introduces some complications. It is best not to enable asynchronous
- writes unless the machine's users are sophisticated enough to understand the potential problems and how to avoid them. The
- complications include the following: <UL
-><LI
-><P
->In most cases, the Cache Manager returns control to applications earlier than it does by default, but it is not
- guaranteed to do so. Users cannot always expect faster performance.</P
-></LI
-><LI
-><P
->If an asynchronous write fails, there is no way to notify the application, because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> system call has already returned with a code indicating success.</P
-></LI
-><LI
-><P
->Asynchronous writing increases the possibility that the user fails to notice when a write operation makes a volume
- exceed its quota. As always, the portion of the file that exceeds the quota is lost, as indicated by a message like the
- following: <PRE
-CLASS="programlisting"
-> No space left on device
-</PRE
-></P
-><P
->To avoid losing data because of insufficient quota, before closing a file users must verify that the volume housing
- the file has enough free space to accommodate it.</P
-></LI
-></UL
-></P
-><P
->When you enable asynchronous writes by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> command, you set the
- number of kilobytes of a file that can still remain to be written to the File Server when the Cache Manager returns control to
- the application program. You can apply the setting either to all files manipulated by applications running on the machine, or
- only to certain files: <UL
-><LI
-><P
->The setting that applies to all files is called the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->default store asynchrony</I
-></SPAN
-> for the machine,
- and persists until the machine reboots. If, for example, you set the default store asynchrony to 10 KB, it means that when
- an application closes a file, the Cache Manager can return control to the application as soon as no more than 10 KB of a
- file that the application has closed remain to be written to the File Server.</P
-></LI
-><LI
-><P
->The setting for an individual file overrides the default store asynchrony and persists as long as there is an entry
- for the file in the internal table that the Cache Manager uses to track information about files. In general, such an entry
- persists at least until an application closes the file or exits completely, but the Cache Manager is free to recycle the
- entry if the file is inactive and it needs to free up slots in the table. To be sure the entry exists in the table, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> command shortly before closing the file.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_487"
->To set the default store asynchrony</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-allfiles</B
-></SPAN
-> argument. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind -allfiles</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->new default (KB)</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->st</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->storebehind</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-allfiles</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of kilobytes of data that can remain to be written to the File Server when the Cache Manager
- returns control to the application that closed a file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-></DT
-><DD
-><P
->Produces a message that confirms the new setting.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_488"
->To set the store asynchrony for one or more files</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) permission on
- the access control list (ACL) of each file for which you are setting the store asynchrony, by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is described fully in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> dir/file path
-</PRE
-></P
-><P
->Alternatively, become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the client machine, if you are
- not already, by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kbytes</B
-></SPAN
->
- and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> arguments. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind -kbytes</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->asynchrony for specified names</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->specific pathnames</VAR
->>+ \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->st</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->storebehind</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kbytes</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of kilobytes of data that can remain to be written to the File Server when the Cache Manager
- returns control to the application that closed a file named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
->
- argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each file for which to set a store asynchrony that overrides the default. Partial pathnames are
- interpreted relative to the current working directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-></DT
-><DD
-><P
->Produces a message that confirms that new setting.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_489"
->To display the default store asynchrony</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> command with no arguments, or with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> flag only. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->st</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->storebehind</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-></DT
-><DD
-><P
->Produces output that reports the default store asynchrony.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_490"
->To display the store asynchrony for one or more files</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
->
- argument only. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs storebehind</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->specific pathnames</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->st</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->storebehind</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-files</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each file for which to display the store asynchrony. Partial pathnames are interpreted relative to
- the current working directory.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output lists each file separately. If a value has previously been set for the specified files, the output reports
- the following:</P
-><PRE
-CLASS="programlisting"
-> Will store up to y kbytes of file asynchronously.
- Default store asynchrony is x kbytes.
-</PRE
-><P
->If the default store asynchrony applies to a file (because you have not set a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-kbytes</B
-></SPAN
->
- value for it), the output reports the following:</P
-><PRE
-CLASS="programlisting"
-> Will store file according to default.
- Default store asynchrony is x kbytes.
-</PRE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="p21471.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c23832.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing Client Machines</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p21471.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Configuring Client Machines with the package Program</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Configuring Client Machines with the package Program</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Client Machines"
-HREF="p21471.html"><LINK
-REL="PREVIOUS"
-TITLE="Administering Client Machines and the Cache Manager"
-HREF="c21473.html"><LINK
-REL="NEXT"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c21473.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="p24911.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ419"
-></A
->Chapter 11. Configuring Client Machines with the package Program</H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program automates many aspects of the client configuration process. With the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program, you can easily configure the local disk of numerous clients by defining global
- configuration files. </P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ420"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands or instructions in a prototype
- file:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN23853"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="37*"><COL
-WIDTH="63*"><TBODY
-><TR
-><TD
->Configure a client machine's local disk</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Define directory</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> [update_code] directory owner group mode_bits</TD
-></TR
-><TR
-><TD
->Define file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> [update_code] file source_file [owner group mode_bits]</TD
-></TR
-><TR
-><TD
->Define symbolic link</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> [update_code] link actual_file [owner group mode_bits]</TD
-></TR
-><TR
-><TD
->Define block special device</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->B</B
-></SPAN
-> device_name major_device_number minor_device_number owner group
- mode_bits</TD
-></TR
-><TR
-><TD
->Define character special device</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
-> device_name major_device_number minor_device_number owner group
- mode_bits</TD
-></TR
-><TR
-><TD
->Define socket</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> socket_name [owner group mode_bits]</TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ422"
->Using the package Program</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program uses system-independent <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->prototype files</I
-></SPAN
-> to
- define a standard disk configuration; a prototype file indicates which files reside on the local client disk, which files are
- links into AFS, etc. The prototype files are then compiled into <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->configuration files</I
-></SPAN
-> for each different
- system type.</P
-><P
->Not all client machines have the same configuration. If desired, you can create different prototype files for different
- client functions (print server, regular client, etc.).</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program compares the contents of a local client disk with the configuration
- file. If there are any differences, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program makes the necessary updates to the
- local disk by copying the files from AFS onto the disk. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program can also be
- configured to delete files that are not part of the system configuration or automatically reboot the client when certain files
- (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dkload</B
-></SPAN
-> file) have been updated.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program does require that you take some time to prepare the prototype files,
- but it provides the following benefits: <UL
-><LI
-><P
->You no longer need to configure each machine individually; the prototype configuration file applies to all
- machines.</P
-></LI
-><LI
-><P
->You can change the configuration of machines simply by changing the prototype file and rebooting the clients.</P
-></LI
-><LI
-><P
->Disk organization is uniform across a set of machines.</P
-></LI
-><LI
-><P
->The configuration files serve as a record of files on the disk and symbolic links into AFS.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_494"
->Using Package on File Server Machines</A
-></H2
-><P
->While the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program was designed for use on client machines, it can also be used
- to configure a file server machine's disk. However, if any of the files referred to in a configuration file reside in volumes
- on the file server, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program cannot access the volumes during reboot (and until
- the File Server process and Volume Server process start up again).</P
-><P
->Since the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program aborts when it cannot access a file, you need to eliminate
- references to files in AFS that reside in volumes on the file server machine. Because of these constraints, the remainder of
- this chapter assumes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program is being used for client configurations.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ423"
->Package Overview</A
-></H1
-><P
->There are three main steps to follow before running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program: <OL
-TYPE="1"
-><LI
-><P
->Preparing function-specific <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->prototype files</I
-></SPAN
-> (and any included <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->library
- files</I
-></SPAN
->).</P
-></LI
-><LI
-><P
->Modifying the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> and compiling
- prototype files into system-specific <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->configuration files</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->Modifying client machines to run the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> configuration file
- automatically.</P
-></LI
-></OL
-></P
-><P
->The following sections summarize these steps.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_496"
->Preparing Prototype Files</A
-></H2
-><P
->Begin by listing the different functions or roles client machines perform and the local disk configurations that support
- those functions. Example roles include a standard client that provides AFS access, a print server that drives a printer, and a
- backup machine on which you issue commands from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> suite. Create a different
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->prototype file</I
-></SPAN
-> for each role.</P
-><P
->A prototype file defines the disk configuration that supports a specific role. Usually, prototype files are
- function-specific, but system independent; system-specific values can be defined using variables and library files. Then, when
- you modify a variable or library file, the change gets propagated to all appropriate clients when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program is invoked.</P
-><P
->Methods for building flexible prototype files that are easy to maintain are presented in <A
-HREF="c23832.html#HDRWQ427"
->Example Prototype and Library Files</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ424"
->Compiling Prototype Files</A
-></H2
-><P
->Prototype files are usually system-independent, but can include <SAMP
-CLASS="computeroutput"
->ifdef</SAMP
-> statements to
- satisfy the needs of different system types. The prototype files are compiled to generate operating-system specific versions.
- During compilation, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program selects the definitions suitable for each system type
- and replaces any variables with actual values. These compiled, machine-specific files are called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->configuration
- files</I
-></SPAN
->.</P
-><P
->Prototype files are compiled using a standard-type <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file, as described in <A
-HREF="c23832.html#HDRWQ438"
->The Package Makefile File</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_498"
->Preparing Clients</A
-></H2
-><P
->Once system-specific configuration files exist, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program is ready to run on
- the clients. You must first make the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary available and specify the correct
- configuration file.</P
-><P
->Modify the clients as described below: <OL
-TYPE="1"
-><LI
-><P
->Create a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.package</B
-></SPAN
-> file in the root ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
-> )
- directory of each client's local disk that defines the default configuration file.</P
-></LI
-><LI
-><P
->Make the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/package</B
-></SPAN
->) available
- on the local disk.</P
-></LI
-><LI
-><P
->Modify the machine's initialization file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/rc</B
-></SPAN
-> or equivalent) to include a
- call to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program.</P
-></LI
-></OL
-></P
-><P
->These steps are discussed more completely in <A
-HREF="c23832.html#HDRWQ447"
->Modifying Client Machines</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ425"
->The package Directory Structure</A
-></H1
-><P
->This section assumes that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->-related files have been installed in three
- subdirectories of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname/<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wsadmin</B
-></SPAN
-> directory:
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
->, as
- recommended in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
->.</P
-><P
->These directories contain several sample prototype, library, and configuration files, which can help to clarify how the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program works. However, they are not necessarily suitable for use in your cell; you
- must modify them for your needs.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ426"
->The src directory</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
-> directory contains some sample prototype files (used to build the configuration
- files), the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file used to build them, and the resulting compiled configuration
- files.</P
-><P
->Prototype files have names of the form function.<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->proto</B
-></SPAN
->. For example, a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->minimal.proto</B
-></SPAN
-> file defines the minimum set of library files need to run AFS and a<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.dkload.proto</B
-></SPAN
-> file defines a client configuration that uses the a dynamic kernel loading program.
- Prototype files can also contain definitions for system administrative files, such as a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->hosts.equiv</B
-></SPAN
-> file.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file is used to compile the system-independent prototype files into
- system-specific configuration files. To learn how to modify this file for use in your cell, see <A
-HREF="c23832.html#HDRWQ438"
->The
- Package Makefile File</A
->.</P
-><P
->Configuration files are the compiled version of the prototype files and are named function<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->sysname. Configuration files also appear in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> subdirectory,
- which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program accesses when configuring disks.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_501"
->The lib directory</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib</B
-></SPAN
-> directory contains many of the example library files referred to in prototype
- files. For example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->base.generic</B
-></SPAN
-> file is a system-independent file which includes a
- definition of the cell name, system options, and variables; these are used to set the owner, group, and mode_bits fields in
- the file and the symbolic link definitions.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_502"
->The etc directory</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> directory contains the system-specific configuration files built from the
- prototype files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
-> subdirectory. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program
- uses the configuration files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> directory to configure disks.</P
-><P
->Some of the example files include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->minimal</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff</B
-></SPAN
->
- prototype files compiled for different system types.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ427"
->Example Prototype and Library Files</A
-></H1
-><P
->A prototype file is a template that defines the configuration of a client's local disk. Prototype files are usually
- function-specific (for example, a backup machine, print server, etc.) but system-independent. Prototype files support the use of
- <SAMP
-CLASS="computeroutput"
->ifdef</SAMP
-> statements and variables, so you can include system-specific definitions. The actual
- system-specific configuration file is generated when the prototype file is compiled.</P
-><P
->The components defined in a prototype file can include the directories, files, symbolic links, block special devices,
- character special devices and sockets that need to reside on a client's local disk in order for it to perform a specific role,
- such as a print server or backup machine. Thus, we recommend that you construct a unique prototype file for each different
- client function.</P
-><P
->To make the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program more effective and easy to maintain, create prototype files
- that are modular and generic, instead of specific, by using library files and variables: <UL
-><LI
-><P
->By creating general-purpose library files, you can include the same library file in many prototype files. Thus, you
- can make global configuration changes by modifying a single library file; you do not need to modify each prototype
- file.</P
-></LI
-><LI
-><P
->Variables enable you to change definitions simply by changing the variable's value.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ428"
->An Example Prototype File</A
-></H2
-><P
->The following is part of an example prototype file that contains the minimum definitions necessary to run AFS. A similar
- file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->minimal.proto</B
-></SPAN
-> can reside in your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
->
- subdirectory. As recommended, this prototype file references library files and does not include actual definitions.</P
-><PRE
-CLASS="programlisting"
-> .
- .
- # Package prototype for a minimal configuration.
- # Base components
- %include ${wsadmin}/lib/base.generic
- # Machine-specific components
- %ifdef rs_aix42
- %include ${wsadmin}/lib/rs_aix42.readonly
- %include ${wsadmin}/lib/rs_aix42.AFS
- %endif rs_aix42
- %ifdef alpha_dux40
- %include ${wsadmin}/lib/alpha_dux40.readonly
- %include ${wsadmin}/lib/alpha_dux40.AFS
- %endif alpha_dux40
- %ifdef sun4x_56
- %include ${wsadmin}/lib/sun4x_56.readonly
- %include ${wsadmin}/lib/sun4x_56.AFS
- %endif sun4x_56
- .
- .
-</PRE
-><P
->In the previous example, the first uncommented line includes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/lib/base.generic</B
-></SPAN
->
- library file. This library file can contain definitions appropriate for many prototype files; the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->base.generic</B
-></SPAN
-> library file can also be included in other prototype files, like a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.proto</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup.proto</B
-></SPAN
-> file. An example library file appears in
- the following section.</P
-><P
->Note that system-specific definitions are permitted through the use of <SAMP
-CLASS="computeroutput"
->ifdef</SAMP
-> statements
- and variables (for example, <SAMP
-CLASS="computeroutput"
->${wsadmin}</SAMP
-> is used to specify pathnames). Thus, the same
- prototype file can be used to configure a machine running AIX 4.2 or Solaris 2.6, even though they require different files,
- directories, symbolic links and devices.</P
-><P
->In the next uncommented lines of this example, the administrator has constructed different library files for different
- system types. Each of these is compiled into unique configuration files. For instance, the following lines in this prototype
- file tell the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program to use the library files <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib/rs_aix42.readonly</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib/rs_aix42.AFS</B
-></SPAN
-> for the configuration file
- when the value rs_aix42 has been declared. (The system-type definition is declared in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
->; see <A
-HREF="c23832.html#HDRWQ438"
->The Package Makefile File</A
->.)</P
-><PRE
-CLASS="programlisting"
-> %ifdef rs_aix42
- %include ${wsadmin}/lib/rs_aix42.readonly
- %include ${wsadmin}/lib/rs_aix42.AFS
- %endif rs_aix42
-</PRE
-><P
->Similarly, the following lines tell the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program to use the library files
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib/sun4x_56.readonly</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib/sun4x_56.AFS</B
-></SPAN
-> when the value
- sun4x_56 has been declared.</P
-><PRE
-CLASS="programlisting"
-> %ifdef sun4x_56
- %include ${wsadmin}/lib/sun4x_56.readonly
- %include ${wsadmin}/lib/sun4x_56.AFS
- %endif sun4x_56
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_505"
->Example Library File</A
-></H2
-><P
->The following is part of an example library file for basic configuration definitions. A similar file, called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->base.generic</B
-></SPAN
->, can reside in your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib</B
-></SPAN
-> subdirectory. Note that
- configurations are defined using standard <SAMP
-CLASS="computeroutput"
->ifdef</SAMP
-> statements.</P
-><PRE
-CLASS="programlisting"
-> .
- .
- #
- # Base package definitions.
- #
- %ifndef cell
- %define cell abc.com
- %endif cell
- %ifndef sys
- %include /etc/package.sys
- %endif sys
- %define ${name} ${name}
- %define ${cpu} ${cpu}
- %define ${sys} ${sys}
- %define ${dept} ${dept}
- %define ${hostname} ${hostname}
- %ifdef rs_aix42
- % define AIX
- % define rootlinks
- %ifndef noafsd
- % define afsd
- %endif noafsd
- %endif rs_aix42
- .
- .
- #
- # Some definitions to handle common combinations of owner, group,
- # and protection fields.
- #
- %define rzmode root wheel 600
- %define usermode root wheel 666
- %define systemmode root wheel 644
- %define diskmode root wheel 644
- %define ptymode root wheel 666
- %define ttymode root wheel 666
- .
- .
- %define aix_rootbin root bin
- %define aix_rootprintq root printq
- %define aix_rootstaff root staff
- %define aix_rootsys root system
- %define aix_binbin bin bin
- %define aix_binmail bin mail
- %define aix_binsys bin system
- %define aix_addsys adduser system
- %define aix_romode 444
- %define aix_loginmode 544
- %define aix_usermode 666
- %define aix_systemmode 644
- %define aix_textmode 644
- %define aix_rwmode1 660
- %define aix_allrugw 664
-</PRE
-><P
->The following example library file uses <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->-specific syntax to define files,
- directories, sockets, etc. Each line, called a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->configuration file instruction</I
-></SPAN
->, defines a specific
- component of disk configuration. The proper syntax for these instructions is briefly described in <A
-HREF="c23832.html#HDRWQ429"
->Package Configuration File Instruction Syntax</A
->; see the reference page for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> configuration file in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> for detailed
- descriptions.</P
-><P
->In this example, the library file contains instructions specific to the configuration of an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42</B
-></SPAN
-> machine. You can have similar library files in your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib</B
-></SPAN
->
- subdirectory.</P
-><PRE
-CLASS="programlisting"
-> .
- .
- #
- # Generic configuration for an AFS rs_aix42 machine.
- #
- D / ${treemode}
- D /afs
- FAQ /unix ${machine}/unix.std ${binmode}
- LA /unix.std /unix
- D /bin ${treemode}
- F /bin/as ${machine} ${binmode}
- F /bin/ld ${machine} ${binmode}
- F /bin/nm ${machine} ${binmode}
- FO /bin/login ${afstest} ${suidmode}
- .
- .
- FAQ /usr/vice/etc/ThisCell ${common}/etc/ThisCell ${textmode}
- FQ /usr/vice/etc/afsd ${afstest}/root.client ${binmode}
- FA /usr/vice/etc/bos ${afstest}/bin/bos ${binmode}
- FA /usr/vice/etc/fs ${afstest}/bin/fs ${binmode}
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ429"
->Package Configuration File Instruction Syntax</A
-></H1
-><P
->Within a library file, configuration file instructions are used to define the specific disk configuration. Each
- instruction can be used to define a file, directory, socket, or device on the client machine. The syntax for each valid
- instruction type is described briefly here; detailed descriptions of the fields appear in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Command
- Reference Manual</I
-></SPAN
->. <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> defines a directory</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> defines a file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> defines a link</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->B</B
-></SPAN
-> defines a block special device</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
-> defines a character special device</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> defines a socket</P
-></LI
-></UL
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Each configuration instruction must appear on a single, unbroken line. Instructions sometimes appear here on multiple
- lines only for legibility.</P
-><P
->The configuration file must be completely correct. If there are any syntax errors or incorrect values, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command interpreter exits without executing any instruction.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ430"
->Local Files versus Symbolic Links</A
-></H2
-><P
->You can take advantage of the AFS by keeping the number of files on the local client disk to a minimum; instead, create
- symbolic links that point into AFS. This can improve machine performance by allowing more space for caching and
- swapping.</P
-><P
->Some files, however, must reside on the local disk, as described below. Create these files in the prototype or library
- files using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> (file) instruction, not the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> (symbolic
- link) instruction.</P
-><P
->The following types of files must reside on the local disk of all AFS clients: <UL
-><LI
-><P
->Boot sequence files executed before the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program runs.</P
-><P
->Until <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> runs and initializes the Cache Manager, AFS is inaccessible from the
- client. Any files that are executed before the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program runs must reside on the
- local client disk.</P
-><P
->For example, on a machine that uses a disk cache, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
-> directory
- must exist when you bring up the Cache Manager, so that there is a location to create cache files. The binary files
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/mount</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/umount</B
-></SPAN
-> must be available on the
- local disk as the machine boots in order to mount the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
-> directory.</P
-><P
->In addition, certain UNIX files, such as initialization files (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/rc</B
-></SPAN
-> or
- equivalent) and file system mapping files (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/fstab</B
-></SPAN
-> or equivalent), must reside on
- the local disk.</P
-></LI
-><LI
-><P
->Diagnostic and recovery files</P
-><P
->Certain commands can be used to diagnose and recover from problems caused by a file server outage. It is best to
- keep copies of the binaries for these commands on the local disk. For example, store the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> binaries in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on the local disk, as well as in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws</B
-></SPAN
-> directory (which in the conventional configuration is a symbolic link into AFS). Then,
- set PATH variables so that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws</B
-></SPAN
-> directory appears before the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory. Thus, even if users cannot access AFS (for example, due to a file server
- outage) they can still access copies of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->
- binaries in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory on the local disk.</P
-></LI
-><LI
-><P
->Files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice</B
-></SPAN
-> directory</P
-><P
->The contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice</B
-></SPAN
-> directory, including the cache files in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cache</B
-></SPAN
-> subdirectory and the configuration files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> subdirectory, must reside on the local disk. For a description of the files in the directory,
- see <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ431"
->Defining a Directory</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction defines a directory to be created on the local disk. If a symbolic
- link, file, or other element on the local disk has the same name, it is replaced with a directory. If the directory already
- exists, its owner, group, and mode bits are changed if necessary to conform with the instruction.</P
-><P
->Use the following instruction to define a directory:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->[update_code] directory owner group mode_bits
-</PRE
-><P
->The following example defines the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> directory:</P
-><PRE
-CLASS="programlisting"
-> D /usr root wheel 755
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ432"
->Defining a File</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction defines a file to be created on the local disk. The source file can
- reside in either AFS or the local disk.</P
-><P
->If a file of this name already exists, then it is updated with (overwritten by) the source file, unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->I</B
-></SPAN
-> update code is specified. If a symbolic link or directory of this name exists, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program replaces it with the source file.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Some files must reside on the local disk; they cannot be symbolic links. See <A
-HREF="c23832.html#HDRWQ430"
->Local Files
- versus Symbolic Links</A
->.</P
-></BLOCKQUOTE
-></DIV
-><P
->Use the following instruction to define a file:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->[update_code] file source_file [owner group mode_bits]
-</PRE
-><P
->An example which creates/updates the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin/grep</B
-></SPAN
-> on the local disk, using <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/rs_aix42/bin/grep</B
-></SPAN
-> as the source:</P
-><PRE
-CLASS="programlisting"
-> F /bin/grep /afs/abc.com/rs_aix42 root wheel 755
-</PRE
-><P
->In the following example, two update codes are used, and the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->owner</I
-></SPAN
->, <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group</I
-></SPAN
-> and
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mode_bits</I
-></SPAN
-> slots are left empty, so that the disk file adopts the source file's values for those
- slots.</P
-><PRE
-CLASS="programlisting"
-> FAQ /usr/vice/etc/ThisCell /afs/abc.com/common/etc/ThisCell
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ433"
->Defining a Symbolic Link</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> instruction defines a symbolic link to be created on the local disk. The symbolic
- link can point to the AFS file system or the local disk. If the identical symbolic link already exists, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program does nothing. However, if an element of the same name exists on the disk as a file or
- directory, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program replaces the element with a symbolic link.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Some files must reside on the local disk; they cannot be symbolic links. See <A
-HREF="c23832.html#HDRWQ430"
->Local Files
- versus Symbolic Links</A
->.</P
-></BLOCKQUOTE
-></DIV
-><P
->Use the following instruction to define a symbolic link:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
->[update_code] link actual_file [owner group mode_bits]
-</PRE
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Do not create a symbolic link to a file whose name begins with the number sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->#</B
-></SPAN
->) or
- percent sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->%</B
-></SPAN
->). The Cache Manager interprets such a link as a mount point to a regular or
- Read/Write volume, respectively.</P
-></BLOCKQUOTE
-></DIV
-><P
->The following example creates a symbolic link from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/ftpd</B
-></SPAN
-> directory on the local
- disk to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/hp_ux110/etc/ftpd</B
-></SPAN
-> file in AFS. Since the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->owner</I
-></SPAN
->,
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group</I
-></SPAN
-> and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mode_bits</I
-></SPAN
-> fields are empty, the symbolic link adopts values for those
- fields from the actual file:</P
-><PRE
-CLASS="programlisting"
-> L /etc/ftpd /afs/abc.com/hp_ux110
-</PRE
-><P
->This example uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> update code:</P
-><PRE
-CLASS="programlisting"
-> LA /etc/printcap /afs/abc.com/common/etc/printcap.remote
- root wheel 644
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ434"
->Defining a Block Special Device</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->B</B
-></SPAN
-> instruction defines a block special device, which is a device that handles data
- in units of multibyte blocks, such as a disk. If a device of the same name already exists, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program replaces it with the specified block device.</P
-><P
->Use the following instruction to define a block special device (it appears on two lines here only for
- legibility):</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->B</B
-></SPAN
-> device_name major_device_number minor_device_number \
- owner group mode_bits
-</PRE
-><P
->The following example defines a disk called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/hd0a</B
-></SPAN
-> to have major and minor device
- numbers <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> B /dev/hd0a 1 0 root wheel 644
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ435"
->Defining a Character Special Device</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
-> instruction defines a character special device, which is device that handles data
- in units of a single character at a time, such as a terminal or tty. If a device of the same name already exists, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program replaces it with the specified character device.</P
-><P
->Use the following instruction to define a character special device (it appears here on two lines only for
- legibility):</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
-> device_name major_device_number minor_device_number \
- owner group mode_bits
-</PRE
-><P
->The following example defines the tty called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/ttyp5</B
-></SPAN
-> with major and minor device
- numbers <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->6</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->5</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> C /dev/ttyp5 6 5 root wheel 666
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ436"
->Defining a Socket</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instruction defines a socket, which is communications device for UDP and TCP/IP
- connections. If a socket of the same name already exists, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program replaces
- it.</P
-><P
->Use the following instruction to define a socket:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> socket_name [owner group mode_bits]
-</PRE
-><P
->The following example defines a socket called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/dev/printer</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> S /dev/printer root wheel 777
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ437"
->Constructing Prototype and Library Files</A
-></H1
-><P
->This section describes the general steps required to create <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> prototype and library
- files. Refer to the previous sections for guidelines, and the files in your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wsadmin</B
-></SPAN
-> directory
- for examples. The construction of prototype and library files is different for each cell.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_515"
->To construct a prototype file and its component library files</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Determine where the three <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->-related subdirectories (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
->) reside in your
- cell's file tree; the following instructions assume they were loaded into the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin</B
-></SPAN
-> directory, as described in the IBM AFS Quick
- Beginnings.</P
-></LI
-><LI
-><P
->Decide how many different functions you want client machines in your cell to perform. We recommend that you
- construct a separate prototype file for each function. Common functions include: <UL
-><LI
-><P
->Standard workstation: provides users with access to files in AFS</P
-></LI
-><LI
-><P
->Printer server: drives a printer; can be combined with "staff" functionality</P
-></LI
-><LI
-><P
->Backup machine: performs backups of AFS volumes to tape by running the AFS Backup System software</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Determine the minimum functionality needed for all clients (such as AFS setup) and place these generic definitions
- in one or more library files.</P
-></LI
-><LI
-><P
->For each type of client (printer server, backup machine, and so on), place all system-independent definitions in one
- file, and all operating-system dependent definitions in another file.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ438"
->The Package Makefile File</A
-></H1
-><P
->Once you have created the appropriate prototype and library files, you must compile the prototype for each system type.
- The result is a system-specific configuration file.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file defines the prototype and library files used and the order of
- compilation. We recommend that you create your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file by modifying the example provided
- with the AFS distribution, as described in this section. In the conventional configuration, it is located at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin/src/Makefile</B
-></SPAN
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_517"
->Overview</A
-></H2
-><P
->The following list summarizes the sections in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file, identifying each by the header name that begins the section. More detailed descriptions
- follow. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CONFIG=</B
-></SPAN
-></DT
-><DD
-><P
->Lists all of the configuration files to be created and defines which prototype files are compiled for which
- system types. See <A
-HREF="c23832.html#HDRWQ439"
->The CONFIG Section</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BASE_LIBS=</B
-></SPAN
-></DT
-><DD
-><P
->Lists the pathnames of all operating-system- and function independent library files included in any prototype
- files. See <A
-HREF="c23832.html#HDRWQ440"
->The BASE_LIBS Section</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->MACHINE_LIBS=</B
-></SPAN
-></DT
-><DD
-><P
->Lists the pathnames of all operating-system-specific library files included in any prototype files. See <A
-HREF="c23832.html#HDRWQ441"
->The MACHINE_LIBS Section</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->LIBS=</B
-></SPAN
-></DT
-><DD
-><P
->A one-line instruction that defines LIBS as the combination of BASE_LIBS and MACHINE_LIBS. See <A
-HREF="c23832.html#HDRWQ442"
->The LIBS Section</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.SUFFIXES</B
-></SPAN
-></DT
-><DD
-><P
->Defines all of the suffixes that can appear on a prototype or configuration file. See <A
-HREF="c23832.html#HDRWQ443"
->The .SUFFIXES Section</A
->.</P
-></DD
-></DL
-></DIV
-></P
-><P
->Finally, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file contains a set of instructions that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program follows to generate configuration files. It is not generally necessary to alter this
- section. See <A
-HREF="c23832.html#HDRWQ444"
->The Makefile Instructions Section</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ439"
->The CONFIG Section</A
-></H2
-><P
->As mentioned, a configuration file is a prototype file that has been compiled for a specific operating system type. The
- CONFIG section of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file defines the prototype files to compile for each system
- type. The resulting compiled file is a system-specific configuration file.</P
-><P
->Study the following example taken from the sample <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file. Configuration files
- are defined by specifying the prototype-system combination as prototype_file<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->sysname. Note
- that it is not necessary to generate a configuration file for each prototype-system type combination.</P
-><PRE
-CLASS="programlisting"
-> #Makefile...
- # (C) Copyright IBM Corporation 1999
- # Licensed Materials - Property of IBM
- # All Rights Reserved.
- #
- CONFIG = \
- staff.rs_aix42 \
- staff.alpha_dux40 \
- staff.xdm.alpha_dux40 \
- staff.sun4x_56 \
- staff.hp_ux110 \
- minimal.rs_aix42 \
- minimal.alpha_dux40 \
- minimal.hp_ux110 \
- minimal.sun4x_56
-</PRE
-><P
->An entry in the CONFIG section has the following format: <UL
-><LI
-><P
->The first part of the entry defines the prototype file and is the same as the prototype file name (without the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.proto</B
-></SPAN
-> extension). The second part of the entry indicates the system type for which the
- prototype file is to be compiled. A complete list of these suffixes is in the .SUFFIXES section of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file, as described in <A
-HREF="c23832.html#HDRWQ443"
->The .SUFFIXES Section</A
->. This
- prototype_file<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->sysname definition becomes the name of the compiled configuration
- file.</P
-><P
->For example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.rs_aix42</B
-></SPAN
-> indicates that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.proto</B
-></SPAN
-> file is compiled for machines running AIX 4.2. The resulting compiled configuration
- file is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.rs_aix42</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Each configuration file must appear on a separate line.</P
-></LI
-><LI
-><P
->A backslash must follow the CONFIG= header and every name but the last one. A backslash must also appear on blank
- lines.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ440"
->The BASE_LIBS Section</A
-></H2
-><P
->This section defines the complete pathname of all system- and function-independent library files included in any
- prototype file. (System-specific library files are defined in the MACHINE_LIBS section). The pathnames can include the
- ${wsadmin} variable, whose value is supplied on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->make</B
-></SPAN
-> command line.</P
-><P
->You must include all of the library files referred to in your prototype files; files included but not used are
- ignored.</P
-><P
->Study the following example. Note that the all entries (except the last one) must be followed by a backslash.</P
-><PRE
-CLASS="programlisting"
-> BASE_LIBS = \
- ${wsadmin}/src/admin \
- ${wsadmin}/lib/devel \
- ${wsadmin}/lib/base.generic
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ441"
->The MACHINE_LIBS Section</A
-></H2
-><P
->This section lists the complete pathname of all operating-system-specific library files included in prototype files.
- (System- and function-independent library files are defined in the BASE_LIBS section.)</P
-><P
->Study the following example. Note that in this example, library files were grouped by operating-system type. Again, all
- lines (except the last one) must be followed by a backslash, the ${wsadmin} variable is allowed, and files included but not
- used are ignored.</P
-><PRE
-CLASS="programlisting"
-> MACHINE_LIBS = \
- ${wsadmin}/lib/rs_aix42.generic \
- ${wsadmin}/lib/rs_aix42.generic.dev \
- ${wsadmin}/lib/rs_aix42.readonly \
- ${wsadmin}/lib/rs_aix42.readwrite \
- ${wsadmin}/lib/rt_aix42.generic.printer \
- \
- .
- .
- ${wsadmin}/lib/alpha_dux40.AFS \
- ${wsadmin}/lib/hp_ux110.AFS \
- ${wsadmin}/lib/sun4x_56.AFS \
- ${wsadmin}/lib/rs_aix42.AFS
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ442"
->The LIBS Section</A
-></H2
-><P
->This section contains only one instruction, which indicates that LIBS is defined as the combination of MACHINE_LIBS and
- BASE_LIBS. Insert a blank line after the line to separate this section from the next.</P
-><PRE
-CLASS="programlisting"
-> LIBS = ${MACHINE_LIBS} ${BASE_LIBS}
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ443"
->The .SUFFIXES Section</A
-></H2
-><P
->This section lists the valid machine-type suffixes. This list includes system types currently supported for AFS. Unused
- suffixes are ignored.</P
-><PRE
-CLASS="programlisting"
-> .SUFFIXES: .rs_aix42 \
- .alpha_dux40 \
- .proto \
- .sun4x_56 \
- .i386_linux22 \
- .hp_ux110
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ444"
->The Makefile Instructions Section</A
-></H2
-><P
->The remainder of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file controls how the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program generates configuration files.</P
-><P
->Study the following instructions; it is assumed that you are familiar with programming and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> concepts.</P
-><PRE
-CLASS="programlisting"
-> #The following appear on a single line each in the actual file
- .proto.rs_aix42: ; mpp -Dwsadmin=${wsadmin} -Dsys=rs_aix42
- -Dname=$* $*.proto > $@
- .proto.alpha_dux40: ; mpp -Dwsadmin=${wsadmin} -Dsys=alpha_dux40
- -Dname=$* $*.proto > $@
- .proto.sun4x_56: ; mpp -Dwsadmin=${wsadmin} -Dsys=sun4x_56
- -Dname=$* $*.proto > $@
- .proto.hp_ux110: ; mpp -Dwsadmin=${wsadmin} -Dsys=hp_ux110
- -Dname=$* $*.proto > $@
- all: ${CONFIG}
- ${CONFIG}: ${LIBS}
- system: install
- install: ${CONFIG}
- cp ${CONFIG} ${wsadmin}/etc
- clean:
- rm -f ${CONFIG} *.BAK *.CKP
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ445"
->Modifying the Makefile</A
-></H1
-><P
->Modify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> files when you <UL
-><LI
-><P
->Add a new prototype file (function<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.proto</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->Add a new system type.</P
-></LI
-><LI
-><P
->Add new library files.</P
-></LI
-></UL
-></P
-><P
->The following sections provide brief examples of how to modify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file for
- these reasons.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_525"
->Adding a New Prototype File</A
-></H2
-><P
->When you create a new prototype file, add the file name and each system type for which it is to be built into the CONFIG
- section of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file.</P
-><P
->For example, to add a function<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.proto</B
-></SPAN
-> file for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->alpha_dux40</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->hp_ux110</B
-></SPAN
->, add the following entries to the CONFIG
- section:</P
-><PRE
-CLASS="programlisting"
-> CONFIG = \
- ...
- function.alpha_dux40 \
- function.hp_ux110 \
- ...
-</PRE
-><P
->If you have added new library files for this prototype function, add those to the MACHINE_LIBS section.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_526"
->Adding a New System Type</A
-></H2
-><P
->For each prototype file that you want to build for the new system type, add an entry to the CONFIG section. Also add any
- new libraries to the MACHINE_LIBS section, and the new system type to the .SUFFIXES section.</P
-><P
->The following example shows the modifications appropriate when building the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->minimal</B
-></SPAN
-> prototype files for this new system type.</P
-><PRE
-CLASS="programlisting"
-> CONFIG = \
- ...
- staff.sysname \
- minimal.sysname \
- ...
-</PRE
-><P
->If you have created corresponding library files for this new machine type, add them to the MACHINE_LIBS section.</P
-><PRE
-CLASS="programlisting"
-> MACHINE_LIBS = \
- ...
- ${wsadmin}/lib/sysname.generic \
- ${wsadmin}/lib/sysname.generic.dev \
- ${wsadmin}/lib/sysname.readonly \
- ${wsadmin}/lib/sysname.readwrite \
- ...
-</PRE
-><P
->Add the new system type to the SUFFIXES section.</P
-><PRE
-CLASS="programlisting"
-> .SUFFIXES: ...\
- .sysname \
- ...
-</PRE
-><P
->Add a line to build the configuration files for this system in the section with the rest of the commands to build
- configuration files:</P
-><PRE
-CLASS="programlisting"
-> .proto.sysname: ; mpp -Dwsadmin=${wsadmin} \
- -Dsys=sysname -Dname=$* $*.proto > $
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_527"
->Adding New Library Files</A
-></H2
-><P
->If you added a new library file for each system type, sysname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->library_file</I
-></SPAN
->, add these files to the MACHINE_LIBS section of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> MACHINE_LIBS = \
- ...
- ${wsadmin}/lib/rs_aix42.library_file \
- ...
- ${wsadmin}/lib/alpha_dux40.library_file \
- ...
- ${wsadmin}/lib/sun4x_56.library_file \
- ...
-</PRE
-><P
->If you added a new library file that is common to all system types, library_file, add this only to the BASE_LIBS
- section:</P
-><PRE
-CLASS="programlisting"
-> BASE_LIBS = \
- ...
- ${wsadmin}/lib/library_file \
- ...
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ446"
->Compiling Prototype Files</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program generates configuration files and installs them in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
-> subdirectories of the directory designated as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wsadmin=</B
-></SPAN
-> on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->make</B
-></SPAN
-> command line. Recompile whenever you modify a
- prototype or library file.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_529"
->To compile prototype files</A
-></H2
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->These instructions assume that you store your <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->-related files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin</B
-></SPAN
-> directory. If you use a different directory,
- substitute its name for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin</B
-></SPAN
->.</P
-></BLOCKQUOTE
-></DIV
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have all privileges in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin</B
-></SPAN
-> directory and in its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lib</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> subdirectories. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listacl</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [dir/file path]
-</PRE
-></P
-></LI
-><LI
-><P
->Change to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin/src</B
-></SPAN
->
- subdirectory. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin/src</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Create a backup copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file included in the AFS distribution.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cp Makefile Makefile.example</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Modify the CONFIG, BASE_LIBS and MACHINE_LIBS sections of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Makefile</B
-></SPAN
-> file, as
- described in <A
-HREF="c23832.html#HDRWQ439"
->The CONFIG Section</A
->, <A
-HREF="c23832.html#HDRWQ440"
->The BASE_LIBS Section</A
->,
- and <A
-HREF="c23832.html#HDRWQ441"
->The MACHINE_LIBS Section</A
->.</P
-></LI
-><LI
-><P
->Compile the prototype files using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->make</B
-></SPAN
-> command.</P
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wsadmin=</B
-></SPAN
-> argument to specify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->
- directory. This becomes the value of the ${wsadmin} variable in the prototype and the library files.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program generates configuration files and installs them in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src</B
-></SPAN
-> subdirectories of the directory designated
- as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wsadmin=</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->make system wsadmin=/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin</B
-></SPAN
->
-</PRE
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ447"
->Modifying Client Machines</A
-></H1
-><P
->To prepare a client to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program automatically, perform the following
- steps. The instructions are generic because they do not refer to system-specific configuration files. If desired, you can invoke
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program with specific arguments, as described in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- Administration Reference</I
-></SPAN
->. <OL
-TYPE="1"
-><LI
-><P
->Specify the configuration file to use.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.package</B
-></SPAN
-> file in the client machine's root ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->) directory is redirected as an argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command;
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.package</B
-></SPAN
-> file specifies which configuration file the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program uses.</P
-></LI
-><LI
-><P
->Make the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary available to the client, either by copying it to the local
- disk, or by creating a symbolic link to AFS. <UL
-><LI
-><P
->A symbolic link saves local disk space. However, when the file server machine that houses it is down, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary is inaccessible.</P
-></LI
-><LI
-><P
->Keeping the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary on the local disk enables you to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program even if file server is down. However, a file server machine outage usually
- makes it difficult to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program because most configuration file
- instructions refer to files in AFS. A local copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary can be
- useful if the files referred to in instructions are in replicated volumes.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Modify the client machine's initialization file to invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program at
- reboot. The client machine reboots a second time if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program updates any files
- marked with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
-> update code.</P
-></LI
-></OL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_531"
->To prepare a client machine to run the package program</A
-></H2
-><P
->Repeat these instructions on every client that runs the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program.</P
-><P
->These instructions assume that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> configuration files (created when the
- prototype files were compiled) reside in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin/etc</B
-></SPAN
-> directory. <OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Create the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.package</B
-></SPAN
-> file in the root ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->)
- directory and specify the name of the prototype file to use. Do not include the system-type suffix (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.rs_aix42</B
-></SPAN
->); the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program automatically determines the
- correct machine type. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->echo "/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin/etc/</B
-></SPAN
->config_file<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" >> /.package</B
-></SPAN
->
-</PRE
-></P
-><P
->For example, to configure a machine for a member of staff machine (assuming the proper prototype file had been
- defined and compiled for the system type), the appropriate command is:</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->echo "/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/wsadmin/etc/staff" >> /.package</B
-></SPAN
->
-</PRE
-></LI
-><LI
-><P
->Make the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary available on the local disk as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/package</B
-></SPAN
->. Issue one of the following commands, depending on whether you want to create a file
- or create a symbolic link.</P
-><P
->To store the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary locally, enter the following command:</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cp /afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->sysname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc/package /etc/package</B
-></SPAN
->
-</PRE
-><P
->To create a symbolic link, enter the following command:</P
-><PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln -s /afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->sysname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc/package /etc/package</B
-></SPAN
->
-</PRE
-></LI
-><LI
-><P
->Add the following lines to the appropriate initialization file, after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
->
- command is invoked. If this is a file server machine, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bosserver</B
-></SPAN
-> command must follow
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command.</P
-><P
->Using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-v</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-c</B
-></SPAN
-> options is recommended. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-v</B
-></SPAN
-> flag produces a detailed trace, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-c</B
-></SPAN
-> option
- appends the system type to the base name of the configuration file. See the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration
- Reference</I
-></SPAN
-> for a description of other options.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Replace the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->shutdown</B
-></SPAN
-> command with a similar command if it is not appropriate
- for rebooting your machine.</P
-></BLOCKQUOTE
-></DIV
-><PRE
-CLASS="programlisting"
-> if [ -f /etc/package ]; then
- if [ -f /.package ]: then
- /etc/package -v -c `cat /.package` >/dev/console
- else
- /etc/package -v >/dev/console
- fi
- case $? in
- 0)
- echo "Package completed successfully" >/dev/console 2>&1
- date >/dev/console 2>&1
- ;;
- 4)
- echo "Rebooting to restart system" >/dev/console 2>&1
- echo >/fastboot
- shutdown
- ;;
- *)
- echo "Update failed, continuing anyway" >/dev/console 2>&1
- ;;
- esac
- fi
-</PRE
-></LI
-></OL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ448"
->Running the package program</A
-></H1
-><P
->After you have created and compiled prototype files and modified client machines, you are ready to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program. It is probably most convenient to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->
- program automatically at reboot by invoking it in the machine's AFS initialization file, but you can also issue the command at
- the command shell prompt.</P
-><P
->The configuration file must be completely correct. If there are any syntax errors or incorrect values, the program exits
- without executing any instruction. To check the configuration file, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command
- with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noaction</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-debug</B
-></SPAN
-> flags at the command shell
- prompt. They display a list of potential problems without actually executing instructions.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program follows these general rules. Complete explanations are in <A
-HREF="c23832.html#HDRWQ429"
->Package Configuration File Instruction Syntax</A
->. <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program does not delete any files from the disk unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->R</B
-></SPAN
-> update code was specified in the prototype file. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->R</B
-></SPAN
-> update
- code is associated with the parent directory, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program removes anything from
- the local disk directory that is not specified in the configuration file.</P
-></LI
-><LI
-><P
->Local files are updated only if they are out of date. For each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction in the
- configuration file, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program compares the time of the local file with the
- indicated source file. If the source file is newer than the local, the file is updated.</P
-></LI
-><LI
-><P
->When the initialization file is modified as recommended in <A
-HREF="c23832.html#HDRWQ447"
->Modifying Client
- Machines</A
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program reboots the workstation automatically if any files
- marked with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
-> update code are updated, and if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program has been invoked from the initialization file. When a file marked with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
-> update code is changed, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program exits with
- status code 4, causing a reboot (as directed in the initialization file). Files that require a reboot before changes are
- recognized (such as the operating system kernel and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> files) must
- be marked with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
-> update code in the configuration file.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program copies the configuration file it has just used to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/package.</B
-></SPAN
->sysname, where sysname reflects this machine's system type. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command interpreter consults this file if you do not provide a configuration file name. To
- be sure that it configures the local disk as you wish, review its contents.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_533"
->To invoke the package program by rebooting</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Recommended)</B
-></SPAN
-> Verify the following: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.package</B
-></SPAN
-> file identifies the desired configuration file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary is available as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/package</B
-></SPAN
-></P
-></LI
-><LI
-><P
->The initialization file is properly modified to invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program
- automatically</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Reboot the machine, using the appropriate command. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->shutdown</B
-></SPAN
->
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_534"
->To invoke the package program directly (without rebooting)</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> on the machine, if you are not already, by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su root</B
-></SPAN
->
- Password: <<VAR
-CLASS="replaceable"
->root_password</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify the following: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.package</B
-></SPAN
-> file identifies the desired configuration file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> binary is available as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/package</B
-></SPAN
-></P
-></LI
-><LI
-><P
->The initialization file is properly modified to invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program
- automatically</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> # <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initcmd</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->base name of configuration file</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fullconfig</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->full name of configuration file, or stdin for standard input</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noaction</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-silent</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rebootfiles</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the full pathname of the configuration file to use, ending in the file's base name, which omits
- the suffix that indicates the machine type. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program knows how to
- determine a machine's type, and automatically selects the appropriate version of the base file name. An example of
- the proper value for this argument is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff</B
-></SPAN
-> rather than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.rs_aix42</B
-></SPAN
->. You can also have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program
- refer to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/.package</B
-></SPAN
-> to learn the configuration file name by providing the
- following value:</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->`cat /.package`</B
-></SPAN
-></P
-><P
->Use either this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fullconfig</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fullconfig</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the full name of the configuration file to use, complete with the machine-type extension. Examples
- are <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->staff.rs_aix42</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->minimal.hp_ux110</B
-></SPAN
->
- files.</P
-><P
->Another possibility is the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stdin</B
-></SPAN
->, which indicates that the issuer is
- providing configuration information via the standard input stream, either as a piped file or by typing the
- configuration file at the keyboard. Press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-d</B
-></SPAN
->> to conclude the
- input.</P
-><P
->Use either this argument or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-config</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-></DT
-><DD
-><P
->Overwrite elements on the local disk with the source version indicated in the configuration file, even if
- the first (owner) <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) mode bit is turned
- off on the local disk copy of the file. Files protected by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->I</B
-></SPAN
-> update code are
- not overwritten; see the definition for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noaction</B
-></SPAN
-></DT
-><DD
-><P
->Displays on the standard output stream a trace of potential problems in running the command, rather than
- actually running it. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> flag is added, the trace also notes the
- actions the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program attempts.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-silent</B
-></SPAN
-></DT
-><DD
-><P
->Explicitly invokes the default level of tracing, which includes only a list of problems encountered while
- executing the command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-></DT
-><DD
-><P
->Produces a detailed trace of the program's actions on the standard output stream. The trace records on the
- transfer and ownership/mode bit setting of each element in the configuration file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rebootfiles</B
-></SPAN
-></DT
-><DD
-><P
->Prevents the overwrite of any element marked with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
-> update-mode code in
- the configuration file. This effectively prevents the machine from rebooting automatically again when the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program is invoked from an initialization file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you think files marked with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Q</B
-></SPAN
-> update code were updated, reboot the machine.
- This reboot does not occur automatically.</P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c21473.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Administering Client Machines and the Cache Manager</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p21471.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing Users and Groups</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Creating and Deleting User Accounts with the uss Command Suite</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"><LINK
-REL="NEXT"
-TITLE="Administering User Accounts"
-HREF="c27596.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="p24911.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c27596.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ449"
-></A
->Chapter 12. Creating and Deleting User Accounts with the uss Command Suite</H1
-><P
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command suite helps you create and delete AFS user accounts quickly and easily. You
- can create a single account with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, delete a single account with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command, or create and delete multiple accounts with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- bulk</B
-></SPAN
-> command.</P
-><P
->A single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command can create a complete
- AFS user account because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter refers to a template file in which you
- predefine the configuration of many account components. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command deletes most of
- the components of a user account, but does not use a template file.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> suite also easily incorporates shell scripts or other programs that you write to
- perform parts of account creation and deletion unique to your site. To invoke a script or program automatically as a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command runs, use the appropriate instructions in the template file or bulk input file. Various
- sections of this chapter discuss possible uses for scripts.</P
-><P
->Using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands to create and delete accounts is the recommended method because it
- automates and correctly orders most of the necessary steps. The alternative is to issue a series of separate commands to the
- various AFS servers, which requires more careful record keeping. For instructions, see <A
-HREF="c27596.html"
->Administering User
- Accounts</A
->.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ450"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN24938"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="80*"><COL
-WIDTH="20*"><TBODY
-><TR
-><TD
->Add a single user account</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete a single user account</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Add and delete multiple accounts</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ452"
->Overview of the uss Command Suite</A
-></H1
-><P
->The commands in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> suite help you to automate the creation and deletion of AFS user
- accounts: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command creates all of the components of an account, one account at a
- time. It consults a template file that defines account configuration.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command deletes the major components of an account, one account at a
- time. It does not use a template file, so you possibly need to perform additional tasks manually.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command can create and delete multiple accounts. It refers to a bulk
- input file that can contain any number of account-creation and deletion instructions, along with other instructions for
- further automating the process.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_538"
->The Components of an AFS User Account</A
-></H2
-><P
->An AFS user account can have many components. The only two required components are entries in the Protection Database
- and Authentication Database, but the other components add functionality and usability. The following information also appears
- in a corresponding section of <A
-HREF="c27596.html"
->Administering User Accounts</A
->, but is repeated here for your
- convenience. <UL
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Protection Database entry</I
-></SPAN
-> defines the username (the name provided when authenticating with
- AFS), and maps it to an AFS user ID (AFS UID), a number that the AFS servers use internally when referencing users. The
- Protection Database also tracks the groups to which the user belongs. For details, see <A
-HREF="c29323.html"
->Administering the Protection Database</A
->.</P
-></LI
-><LI
-><P
->An <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Authentication Database entry</I
-></SPAN
-> records the user's AFS password in a scrambled form suitable
- for use as an encryption key.</P
-></LI
-><LI
-><P
->A home <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume</I
-></SPAN
-> stores all the files in the user's home directory together on a single
- partition of a file server machine. The volume has an associated quota that limits its size. For a complete discussion
- of volumes, see <A
-HREF="c8420.html"
->Managing Volumes</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mount point</I
-></SPAN
-> makes the contents of the user's volume visible and accessible in the AFS
- filespace, and acts as the user's home directory. For more details about mount points, see <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->.</P
-></LI
-><LI
-><P
->Full access permissions on the home directory's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control list (ACL)</I
-></SPAN
-> and ownership of
- the directory (as displayed by the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command) enable the user to manage his
- or her files. For details on AFS file protection, see <A
-HREF="c31274.html"
->Managing Access Control
- Lists</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->local password file entry</I
-></SPAN
-> (in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> file or
- equivalent) of each AFS client machine enables the user to log in and access AFS files through the Cache Manager. A
- subsequent section in this chapter further discusses local password file entries.</P
-></LI
-><LI
-><P
->Other optional <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->configuration files</I
-></SPAN
-> make the account more convenient to use. Such files help
- the user log in and log out more easily, receive electronic mail, print, and so on.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ453"
->Privilege Requirements for the uss Commands</A
-></H2
-><P
->To issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands successfully, you usually need all of the standard AFS
- administrative privileges: membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, inclusion in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file on every relevant server machine, and the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on your Authentication Database entry. For details on administrative privilege,
- see <A
-HREF="c32432.html"
->Managing Administrative Privilege</A
->. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
-></H2
-><P
->As for any complex operation, there are a number of possible reasons that an account-creation or deletion operation can
- halt before it completes. You can easily avoid several of the common reasons by making the following checks before issuing a
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command: <UL
-><LI
-><P
->Verify that you have all of the administrative privileges you need to complete an operation, as described in <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->. The instructions for using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- bulk</B
-></SPAN
-> commands include this check as a step.</P
-></LI
-><LI
-><P
->Proofread the template and bulk input files for correct syntax and acceptable values. For discussion, see <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template File</A
-> and <A
-HREF="c24913.html#HDRWQ489"
->Constructing a Bulk Input
- File</A
->.</P
-></LI
-><LI
-><P
->Do not issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands when you are aware of network, server machine, or
- server process outages. Because <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> operations affect so many components of AFS, it is
- unlikely that the command can succeed when there are outages.</P
-></LI
-></UL
-></P
-><P
->Another way to avoid errors that halt an operation is to preview the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command by
- combining the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag with the other arguments to be used on the actual command. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter generates a screen trace of the actions to be performed by the actual
- command, without performing them.</P
-><P
->Using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag reveals many basic errors that can halt an operation,
- particularly the ones due to incorrect syntax in the command line, template file, or bulk input file. It does not catch all
- possible errors, however, because the command interpreter is not actually attempting to perform the actions it is tracing. For
- example, a Volume Server outage does not necessarily halt the volume creation step when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag is included, because the command interpreter is not actually contacting the server; such
- an outage halts the actual creation operation. </P
-><P
->When the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter encounters error conditions minor enough that they do
- not require halting the operation, it usually generates a message that begins with the string <SAMP
-CLASS="computeroutput"
->uss:
- Warning:</SAMP
-> and describes the action it is taking to avoid halting. For example, if a user's Protection Database
- entry already exists, the following message appears on the standard output stream:</P
-><PRE
-CLASS="programlisting"
-> uss: Warning: User 'user' already in the protection database
- The uid for user 'user' is AFS UID
-</PRE
-><P
->If an error is more serious, the word <SAMP
-CLASS="computeroutput"
->Warning</SAMP
-> does not appear in the message, which
- instead describes why the command interpreter cannot perform the requested action. Not all of these errors cause the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> operation to halt, but they still require you to take corrective action. For example, attempting to
- create a mount point fails if you lack the necessary permissions on the parent directory's ACL, or if the mount point pathname
- in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field is malformed. However, this error does not cause the
- creation operation to halt until later instructions in the template attempt to install subdirectories or files under the
- nonexistent mount point.</P
-><P
->If the command shell prompts returns directly after an error message, then the error generally was serious enough to
- halt the operation. When an error halts account creation or deletion, the best way to recover is to find and fix the cause,
- and then reissue the same <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command. </P
-><P
->The following list describes what happens when components of a user's account already exist when you reissue an
- account-creation command (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- bulk</B
-></SPAN
-> command when the bulk input file contains <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions): <UL
-><LI
-><P
->If the Protection Database entry already exists, a message confirms its existence and specifies the associated AFS
- UID.</P
-></LI
-><LI
-><P
->If the Authentication Database entry already exists, a message confirms its existence.</P
-></LI
-><LI
-><P
->If the volume and associated Volume Location Database (VLDB) entry already exist, a message confirms their
- existence. However, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter does alter the volume's quota, mount
- point, or ACL if any of the relevant fields in the template <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction have changed
- since the command last ran. If the value in the mount_point field has changed, the command interpreter creates the new
- mount point but does not remove any existing mount points.</P
-></LI
-><LI
-><P
->If any of the fields in the template <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction have changed, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter makes the changes without comment.</P
-></LI
-><LI
-><P
->If a directory, file, or link defined by a template file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instruction already exists, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter
- replaces the existing element with one that conforms to the template definition. To control whether the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter prompts for confirmation that you wish to overwrite a given element, use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command: <UL
-><LI
-><P
->If you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> flag, the command interpreter automatically
- overwrites all elements without asking for confirmation.</P
-></LI
-><LI
-><P
->If you omit the flag, the command interpreter prompts once for each account to ask if you want to overwrite
- all elements associated with it.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->The command interpreter always reexecutes <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instructions in the template file. If
- a command's result already holds, reissuing it has the same effect as reissuing it outside the context of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands.</P
-></LI
-></UL
-></P
-><P
->The following describes what happens when a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command references account
- components that have already been deleted. <UL
-><LI
-><P
->If the volume and VLDB entry no longer exist, a message confirms their absence.</P
-></LI
-><LI
-><P
->If the Authentication Database entry no longer exists, a message confirms its absence.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ455"
->Creating Local Password File Entries with uss</A
-></H1
-><P
->To obtain authenticated access to a cell's AFS filespace, a user must not only have a valid AFS token, but also an entry
- in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of the AFS client machine. This section
- discusses why it is important for the user's AFS UID to match to the UNIX UID listed in the local password file, the appropriate
- value to put in the file's password field, and outlines a method for creating a single source password file.</P
-><P
->For instructions on using the template file's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction to generate local password
- file entries automatically as part of account creation, see <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password
- File</A
->.</P
-><P
->The following information also appears in a corresponding section of <A
-HREF="c27596.html"
->Administering User
- Accounts</A
->, but is repeated here for your convenience. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ456"
->Assigning AFS and UNIX UIDs that Match</A
-></H2
-><P
->A user account is easiest to administer and use if the AFS user ID number (AFS UID) and UNIX UID match. All instructions
- in the AFS documentation assume that they do.</P
-><P
->The most basic reason to make AFS and UNIX UIDs the same is so that the owner name reported by the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> commands makes sense for AFS files and directories.
- Following standard UNIX practice, the File Server records a number rather than a username in an AFS file or directory's owner
- field: the owner's AFS UID. When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command, it translates the UID to a
- username according to the mapping in the local password file, not the AFS Protection Database. If the AFS and UNIX UIDs do not
- match, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command reports an unexpected (and incorrect) owner. The output can even
- vary on different client machines if their local password files map the same UNIX UID to different names.</P
-><P
->Follow the recommendations in the indicated sections to make AFS and UNIX UIDs match when you are creating accounts for
- various types of users: <UL
-><LI
-><P
->If creating an AFS account for a user who already has a UNIX UID, see <A
-HREF="c24913.html#HDRWQ459"
->Converting Existing
- UNIX Accounts with uss</A
->.</P
-></LI
-><LI
-><P
->If some users in your cell have existing UNIX accounts but the user for whom you are creating an AFS account does
- not, then it is best to allow the Protection Server to allocate an AFS UID automatically. To avoid overlap of AFS UIDs
- with existing UNIX UIDs, set the Protection Database's <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> counter higher than
- the largest UNIX UID, using the instructions in <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID
- Counters</A
->.</P
-></LI
-><LI
-><P
->If none of your users have existing UNIX accounts, allow the Protection Server to allocate AFS UIDs automatically,
- starting either at its default or at the value you have set for the <SAMP
-CLASS="computeroutput"
->max user id</SAMP
->
- counter.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ457"
->Specifying Passwords in the Local Password File</A
-></H2
-><P
->Authenticating with AFS is easiest for your users if you install and configure an AFS-modified login utility, which logs
- a user into the local file system and obtains an AFS token in one step. In this case, the local password file no longer
- controls a user's ability to login in most circumstances, because the AFS-modified login utility does not consult the local
- password file if the user provides the correct AFS password. You can nonetheless use a password file entry's password field
- (usually, the second field) in the following ways to control login and authentication: <UL
-><LI
-><P
->To prevent both local login and AFS authentication, place an asterisk ( * ) in the field. This is useful mainly in
- emergencies, when you want to prevent a certain user from logging into the machine.</P
-></LI
-><LI
-><P
->To prevent login to the local file system if the user does not provide the correct AFS password, place a character
- string of any length other than the standard thirteen characters in the field. This is appropriate if you want to allow
- only people with local AFS accounts to log into to your machines. A single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> or other
- character is the most easily recognizable way to do this.</P
-></LI
-><LI
-><P
->To enable a user to log into the local file system even after providing an incorrect AFS password, record a
- standard UNIX encrypted password in the field by issuing the standard UNIX password-setting command (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> or equivalent).</P
-></LI
-></UL
-></P
-><P
->If you do not use an AFS-modified login utility, you must place a standard UNIX password in the local password file of
- every client machine the user will use. The user logs into the local file system only, and then must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate with AFS. It is simplest if the passwords in the local password file and
- the Authentication Database are the same, but this is not required. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ458"
->Creating a Common Source Password File</A
-></H2
-><P
->This section explains how to create a common source version of the local password file when using <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands to create user accounts. The sequence of steps is as follows: <OL
-TYPE="1"
-><LI
-><P
->Include an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction in the template file to create a one-line file that has
- the format of a local password file entry.</P
-></LI
-><LI
-><P
->Incorporate the one-line file into the common source version of the local password file. It makes sense to store
- this file in AFS. See the following two example scripts for automating this step.</P
-></LI
-><LI
-><P
->Distribute the common password file to each client machine, perhaps by using the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> utility as described in <A
-HREF="c23832.html"
->Configuring Client Machines with the
- package Program</A
->.</P
-></LI
-></OL
-></P
-><P
->As an example, the template file used by the ABC Corporation includes the following <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->
- instruction to create a file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd_</B
-></SPAN
->username in the directory <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/common/etc/newaccts</B
-></SPAN
-> (the entire contents of the template file appear in <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
-> and a full description of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction
- appears in <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->):</P
-><PRE
-CLASS="programlisting"
-> E /afs/.abc.com/common/etc/newaccts/passwd_$USER 0644 root \
- "$USER:X:$UID:11:$NAME:$MTPT:/bin/csh"
-</PRE
-><P
->For the user Joe L. Smith with username <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
->, this instruction creates a file called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd_smith</B
-></SPAN
-> which contains the following line:</P
-><PRE
-CLASS="programlisting"
-> smith:X:1205:11:Joe L. Smith:/afs/abc.com/usr/usr1/smith:/bin/csh
-</PRE
-><P
->A shell script is probably the easiest way to incorporate a set of files created in this manner into a common source
- password file, and two sample shell scripts appear here. To automate the process even further, you can create a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-> process in a file server machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
->
- directory to execute the shell script, perhaps each day at a given time; for details, see <A
-HREF="c6449.html#HDRWQ162"
->To create
- and start a new process</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The following example scripts are suggestions only. If you choose to use them, or to model similar scripts on them,
- you must test that your script has the desired result, preferably in a test environment.</P
-></BLOCKQUOTE
-></DIV
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Example C Shell Script</B
-></SPAN
-></P
-><P
->The first example is a simple C shell script suitable for the ABC Corporation cell. It incorporates the individual files
- found in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/common/uss/newaccts</B
-></SPAN
-> directory into a new version of the global
- password file found in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/common/etc</B
-></SPAN
-> directory, sorting the files into
- alphabetical order. It takes care to save the current version with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.old</B
-></SPAN
-> extension, then
- removes the individual files when done.</P
-><PRE
-CLASS="programlisting"
-> set dir = /afs/.abc.com/common
- cat $dir/uss/newaccts/passwd_* $dir/etc/passwd >! $dir/etc/passwd.new
- mv $dir/etc/passwd $dir/etc/passwd.old
- sort $dir/etc/passwd.new > $dir/etc/passwd
- rm $dir/etc/passwd.new $dir/uss/newaccts/passwd_*
-</PRE
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Example Bourne Shell Script</B
-></SPAN
-></P
-><P
->The second, more elaborate, example is a Bourne shell script that first verifies that there are new <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd_</B
-></SPAN
->username files to be incorporated into the global password file. While running, it checks that
- each new entry does not already exist. Like the shorter C shell example, it incorporates the individual files found in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/common/uss/newaccts</B
-></SPAN
-> directory into a new version of the global <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> file found in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/common/etc</B
-></SPAN
-> directory.</P
-><PRE
-CLASS="programlisting"
-> #!/bin/sh
- DESTDIR=/afs/.abc.com/common/uss/newaccts
- cd $DESTDIR
- DEST=/afs/.abc.com/common/etc
- cp /afs/.abc.com/common/etc/passwd /afs/.abc.com/common/uss/newaccts/passwd
- echo "copied in passwd file."
- PASSWD=/afs/.abc.com/common/uss/newaccts/passwd
- ENTRIES=`ls passwd_*`
- case $ENTRIES in
- "")
- echo No new entry found to be added to passwd file
- ;;
- *)
- echo "Adding new users to passwd file."
- for i in $ENTRIES
- do
- cat $i | awk -F: '{print $1 > "foo"}'
- USER=`cat foo`
- case `egrep -e \^$USER\: $PASSWD` in
- "")
- echo adding $USER
- cat $i >> $PASSWD
- ;;
- *)
- echo $USER already in passwd file
- ;;
- esac
- mv $i ../old.passdir/done_${i}
- done
- cd /afs/.abc.com/common/uss/newaccts
- echo "sorting password file"
- sort ${PASSWD} > ${PASSWD}.sorted
- echo "installing files"
- install ${PASSWD}.sorted ${DEST}/passwd
- echo "Password file is built, sorted and installed."
- ;;
- esac
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ459"
->Converting Existing UNIX Accounts with uss</A
-></H1
-><P
->This section discusses the three main issues you need to consider if there are existing UNIX accounts to be converted to
- AFS accounts.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ460"
->Making UNIX and AFS UIDs Match</A
-></H2
-><P
->As previously mentioned, AFS users must have an entry in the local password file on every client machine from which they
- access the AFS filespace as an authenticated user. Both administration and use are much simpler if the UNIX UID and AFS UID
- match. When converting existing UNIX accounts, you have two alternatives: <UL
-><LI
-><P
->Make the AFS UIDs match the existing UNIX UIDs. In this case, you need to assign the AFS UID yourself as you
- create an AFS account: <UL
-><LI
-><P
->If using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument.</P
-></LI
-><LI
-><P
->If using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command, specify the desired UID in the uid field of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction in the bulk input file.</P
-></LI
-></UL
-></P
-><P
->Because you are retaining the user's UNIX UID, you do not need to alter the UID in the local password file entry.
- However, if you are using an AFS-modified login utility, you possibly need to change the password field in the entry.
- For a discussion of how the value in the password field affects login with an AFS-modified login utility, see <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
->.</P
-><P
->If now or in the future you need to create AFS accounts for users who do not have an existing UNIX UID, then you
- must guarantee that new AFS UIDs do not conflict with any existing UNIX UIDs. The simplest way is to set the
- <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> counter in the Protection Database to a value higher than the largest
- existing UNIX UID. See <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->.</P
-></LI
-><LI
-><P
->Change the existing UNIX UIDs to match the new AFS UIDs that the Protection Server assigns automatically.</P
-><P
->Allow the Protection Server to allocate the AFS UIDs automatically as you create AFS accounts. For instructions on
- creating a new entry for the local password file during account creation, see <A
-HREF="c24913.html#HDRWQ455"
->Creating Local
- Password File Entries with uss</A
->.</P
-><P
->There is one drawback to changing the UNIX UID: any files and directories that the user owned in the local file
- system before becoming an AFS user still have the former UID in their owner field. If you want the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> commands to display the correct owner, you must
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command to change the value to the user's new UID, whether you are
- leaving the file in the local file system or moving it to AFS. See <A
-HREF="c24913.html#HDRWQ462"
->Moving Local Files into
- AFS</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ461"
->Setting the Password Field Appropriately</A
-></H2
-><P
->Existing UNIX accounts already have an entry in the local password file, probably with a (scrambled) password in the
- password field. You possibly need to change the value in the field, depending on the type of login utility you use:
- <UL
-><LI
-><P
->If the login utility is not modified for use with AFS, the actual password must appear (in scrambled form) in the
- password field of the local password file entry.</P
-></LI
-><LI
-><P
->If the login utility is modified for use with AFS, choose one of the acceptable values, each of which affects the
- login utility's behavior differently. See <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with
- uss</A
->.</P
-></LI
-></UL
-></P
-><P
->If you choose to place an actual password in a local password file entry, then you can define a dummy password when you
- use a template file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction to create the entry, as described in <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->. Have the user issue the UNIX password-setting
- command (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> or equivalent) to replace the dummy with an actual secret password.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ462"
->Moving Local Files into AFS</A
-></H2
-><P
->New AFS users with existing UNIX accounts probably already own files and directories stored in a machine's local file
- system, and it usually makes sense to transfer them into the new home volume. The easiest method is to move them onto the
- local disk of an AFS client machine, and then use the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mv</B
-></SPAN
-> command to transfer them into
- the user's new AFS home directory.</P
-><P
->As you move files and directories into AFS, keep in mind that the meaning of their mode bits changes. AFS ignores the
- second and third sets of mode bits (group and other), and does not use the first set (the owner bits) directly, but only in
- conjunction with entries on the ACL (for details, see <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
->).
- Be sure that the ACL protects the file or directory at least as securely as the mode bits.</P
-><P
->If you have chosen to change a user's UNIX UID to match a new AFS UID, you must change the ownership of UNIX files and
- directories as well. Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command on files and directories once they reside in AFS. </P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ463"
->Constructing a uss Template File</A
-></H1
-><P
->Creating user accounts with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands is generally more convenient than using
- individual commands. You control the account creation process just as closely, but the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
->
- template file enables you to predefine many aspects of account configuration. Because you construct the template before issuing
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands, you have time to consider configuration details carefully and correct syntax
- errors. The following list summarizes some further advantages of using a template: <UL
-><LI
-><P
->You do not have to remember the correct order in which to create or delete account components, or the order of each
- command's arguments, which reduces the likelihood of errors.</P
-></LI
-><LI
-><P
->You do not have to type the same information multiple times. Instead, you can place constants and variables in the
- template file that enable you to type as little on the command line as possible. See <A
-HREF="c24913.html#HDRWQ465"
->Using
- Constants and Variables in the Template File</A
->.</P
-></LI
-><LI
-><P
->You can create different templates for different types of users. Instead of having to remember which components
- differ for a given user, specify the appropriate template when issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->You can create any of the three types of AFS account (authentication-only, basic, or full) by including or omitting
- certain information in the template, as described in <A
-HREF="c24913.html#HDRWQ464"
->Creating the Three Types of User
- Accounts</A
->.</P
-></LI
-></UL
-></P
-><P
->The following list briefly describes the instructions that can appear in a template file and points you to a later section
- for more details. It lists them in the order that is usually optimal for correct handling of dependencies between the different
- types of instruction. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-></DT
-><DD
-><P
->Defines a directory that is one of a set of parent directories into which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
->
- command interpreter evenly distributes newly created home directories. Place the corresponding template file variable,
- $AUTO, in the mount_point field of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction. See <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
-> and <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-></DT
-><DD
-><P
->Creates a volume, mounts it as the user's home directory at a specified location in the AFS filespace, sets the
- volume's quota, and defines the owner and ACL for the directory. This instruction must appear in any template that is
- not empty (zero-length). See <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-></DT
-><DD
-><P
->Creates a directory, generally a subdirectory of the new home directory, and sets its mode bits, owner, and ACL.
- See <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-></DT
-><DD
-><P
->Creates a file by copying a prototype and sets its mode bits and owner. See <A
-HREF="c24913.html#HDRWQ475"
->Creating a
- File from a Prototype with the F Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-></DT
-><DD
-><P
->Creates a single-line file by copying in the contents of the instruction itself, then sets the file's mode bits
- and owner. See <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-></DT
-><DD
-><P
->Creates a hard link. See <A
-HREF="c24913.html#HDRWQ477"
->Creating Links with the L and S Instructions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-></DT
-><DD
-><P
->Creates a symbolic link. See <A
-HREF="c24913.html#HDRWQ477"
->Creating Links with the L and S Instructions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-></DT
-><DD
-><P
->Improves account security by imposing restrictions on passwords and authentication attempts. See <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-></DT
-><DD
-><P
->Executes a command. See <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->.</P
-></DD
-></DL
-></DIV
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ464"
->Creating the Three Types of User Accounts</A
-></H2
-><P
->Using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> commands, you can
- create three types of accounts that differ in their levels of functionality. For a description of the types, see <A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
->. The following list explains how to construct a template for each type:
- <UL
-><LI
-><P
->To create an authentication-only account, create an empty (zero-length) template file. Such an account has only
- two components: entries in the Authentication Database and Protection Database.</P
-></LI
-><LI
-><P
->To create a basic account, include a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instructions if you want to distribute home directories evenly as described in <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->. In addition to
- Authentication Database and Protection Database entries, this type of account includes a volume mounted at the home
- directory with owner and ACL set appropriately.</P
-></LI
-><LI
-><P
->To create a full account, include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
->
- instructions as appropriate, in addition to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instructions. This type of account includes configuration files for basic functions such as
- logging in, printing, and mail delivery. For a discussion of some useful types of configuration files, see <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ465"
->Using Constants and Variables in the Template File</A
-></H2
-><P
->Each instruction in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> template file has several fields that define the
- characteristics of the element that it creates. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction's fields, for instance,
- define a directory's pathname, owner, mode bits, and ACL.</P
-><P
->You can place three types of values in a field: a variable, a constant, or a combination of the two. The appropriate
- value depends on the desired configuration, and determines which arguments you provide to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
-> command or which fields you include in a bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
->
- instruction.</P
-><P
->If an aspect of account configuration is the same for every user, define a constant value in the appropriate field by
- inserting a character string. For example, to assign a space quota of 10,000 KB to every user volume, place the string
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->10000</B
-></SPAN
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's quota field.</P
-><P
->If, on the other hand, an aspect of account configuration varies for each user, put a variable in the appropriate field.
- When creating each account, provide a value for the variable by providing either the corresponding argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or a value in the corresponding field of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
->
- instruction in the bulk input file.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command suite defines a set of template variables, each of which has a
- corresponding source for its value, as summarized in <A
-HREF="c24913.html#TBLWQ466"
->Table 3</A
->. For a discussion of their
- intended uses, see the following sections about each template instruction (<A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the
- V Instruction</A
-> through <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->).</P
-><DIV
-CLASS="table"
-><A
-NAME="TBLWQ466"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="20*"><COL
-WIDTH="80*"><THEAD
-><TR
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Variable</B
-></SPAN
-></TH
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Source for value</B
-></SPAN
-></TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->$AUTO</TD
-><TD
->Previous <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instructions in template</TD
-></TR
-><TR
-><TD
->$MTPT</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or
- mount_point field of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction, when in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction; <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field when in
- subsequent instructions</TD
-></TR
-><TR
-><TD
->$NAME</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-realname</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or
- mount_point field of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction, if provided; otherwise,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or username field
- of in bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction</TD
-></TR
-><TR
-><TD
->$PART</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or
- partition field of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction</TD
-></TR
-><TR
-><TD
->$PWEXPIRES</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or
- password_expires field of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction</TD
-></TR
-><TR
-><TD
->$SERVER</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or
- file_server field of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction</TD
-></TR
-><TR
-><TD
->$UID</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or uid field
- of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction, if provided; otherwise, allocated automatically
- by Protection Server</TD
-></TR
-><TR
-><TD
->$USER</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or username
- field of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction</TD
-></TR
-><TR
-><TD
->$1 through $9</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or var1
- through var9 fields of bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction</TD
-></TR
-></TBODY
-></TABLE
-><P
-><B
->Table 3. Source for values of uss template variables</B
-></P
-></DIV
-><P
->A common use of variables is to define the file server machine and partition that house the user's volume, which often
- vary from user to user. Place the $SERVER variable in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's server field, and
- the $PART variable in its partition field. If using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, provide the desired
- value with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments. If using
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command, provide the desired values in the file_server and partition fields of
- each user's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction in the bulk input file. </P
-><P
->The variables $1 through $9 can be used to customize other aspects of the account. Provide a value for these variables
- with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or in the
- appropriate field of the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-> argument is unusual in that each instance for it has two parts: the number index and the value,
- separated by a space. For examples of the use of a number variable, see the discussions of the mount_point and quota fields in
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->.</P
-><P
->If some aspect of account configuration is partly constant and partly variable, you can combine variables and constants
- in an instruction field. For example, suppose that the ABC Corporation mounts user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. That part of the pathname is constant, but the name of the mount point and
- home directory is the user's username, which corresponds to the $USER variable. To configure accounts in this way, combine a
- constant string and a variable in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field as follows:</P
-><PRE
-CLASS="programlisting"
-> /afs/abc.com/usr/$USER
-</PRE
-><P
->Then provide the value for the $USER variable with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, or in the username field of each user's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
->
- instruction in the bulk input file. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ468"
->Where to Place Template Files</A
-></H2
-><P
->A template must be available to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter as it executes a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command, even if it is the zero-length file
- appropriate for creating an authentication-only account.</P
-><P
->If you do not provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command, then the command interpreter searches for a template file
- called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss.template</B
-></SPAN
-> in each of the following directories in turn: <OL
-TYPE="1"
-><LI
-><P
->The current working directory</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/cellname/common/uss</B
-></SPAN
->, where cellname is the local cell</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc</B
-></SPAN
-></P
-></LI
-></OL
-></P
-><P
->To use a template file with a different name or stored in a different directory, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- bulk</B
-></SPAN
-> command. If you provide a filename only, the command interpreter looks for it in the directories listed just
- previously. If you provide a pathname and filename, it looks only in the specified directory, interpreting a partial pathname
- relative to the current working directory. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ469"
->Some General Rules for Constructing a Template</A
-></H2
-><P
->This section summarizes some general rules to follow when constructing a template file. For each instruction's syntax
- definition, see the following sections (<A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G
- Instruction</A
-> through <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->). <UL
-><LI
-><P
->If a variable takes its value from an element elsewhere within the template, the definition must precede the
- reference. Putting the instruction lines in the following order usually results in correct resolution of
- variables:</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G V D F E L S A X</B
-></SPAN
-></P
-></LI
-><LI
-><P
->The fields in each instruction must appear in the order specified by the instruction's syntax definition, which
- appear in the following sections about each instruction. You cannot omit a field. Separate each field from its neighbors
- with one or more spaces.</P
-></LI
-><LI
-><P
->When specifying a pathname, provide a full one. Partial pathnames are interpreted relative to the current working
- directory (the one in which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command is issued), with possibly unintended
- results.</P
-></LI
-><LI
-><P
->Each instruction must appear on a single line in the template file, with a newline character (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
->) only at the end of the instruction. Some example instructions appear in this
- document on more than one line, but that is only for legibility.</P
-></LI
-><LI
-><P
->Provide a value for every variable that appears in the template by including the corresponding argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or placing a value in the corresponding field of the bulk input file
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. A missing value halts the entire creation operation. If a variable
- does not appear in the template file, the command interpreter ignores the corresponding command-line argument or field
- in the bulk input file, even if you provide it.</P
-></LI
-><LI
-><P
->You can use blank lines in the template file to increase its legibility. If you place comments in the file, begin
- each comment line with the number sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->#</B
-></SPAN
->).</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ470"
->About Creating Local Disk Directories and Files</A
-></H2
-><P
->It is possible to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instructions to create directories or files in the local file system of the machine on which you are
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command, but that usage is not recommended. It introduces two potential
- complications: <UL
-><LI
-><P
->The local file system automatically assigns ownership of a new local disk directory or file to its creator.
- Because you are the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command that is creating the object, it records
- your current UNIX UID. If that is not appropriate and you want to designate another owner as the object is created, then
- you must be logged in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> (the local file system allows only
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> user to issue the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command, which
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter invokes to change the owner from the default value). You
- must also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command to authenticate as a privileged AFS administrator. Only an
- administrator can create Authentication Database and Protection Database entries, which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter always creates as part of a new account.</P
-><P
->The alternative is to become the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> after the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> operation completes, and issue the necessary <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command
- then. However, that makes the account creation process that much less automated.</P
-></LI
-><LI
-><P
->Creating a local disk directory always generates an error message because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
->
- command interpreter cannot successfully set a local directory's ACL. The directory is created nevertheless, and a value
- still must appear in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction's ACL field.</P
-></LI
-></UL
-></P
-><P
->The recommended method for configuring a machine's local disk is to use the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->
- utility instead; see <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
->. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ471"
->Example uss Templates</A
-></H2
-><P
->This section describes example templates for the basic and full account types (the template for an authentication-only
- account is empty).</P
-><P
->The first example creates a basic account. It contains two <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instructions and a
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction that defines the volume name, file server machine, partition, quota in
- kilobytes, mount point, home directory owner, and home directory access control list. In the ABC Corporation cell, a suitable
- template is:</P
-><PRE
-CLASS="programlisting"
-> G /afs/.abc.com/usr1
- G /afs/.abc.com/usr2
- V user.$USER $SERVER.abc.com /vicep$PART 5000 $AUTO/$USER $UID \
- $USER all staff rl
-</PRE
-><P
->When issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command with this type of template, provide the following
- arguments: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> to specify the username for the $USER variable</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> to specify the unique part of the file server machine name for the
- $SERVER variable</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> to specify the unique part of the partition name for the $PART
- variable</P
-></LI
-></UL
-></P
-><P
->The Protection Server automatically assigns an AFS UID for the $UID variable, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
->
- instructions provide a value for the $AUTO variable.</P
-><P
->The following example template file creates a full account in the ABC Corporation cell. The following sections about
- each type of instruction describe the effect of the examples. Note that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instructions appear on two lines each only for the sake of legibility.</P
-><PRE
-CLASS="programlisting"
-> #
- # Specify the available grouping directories
- #
- G /afs/.abc.com/usr1
- G /afs/.abc.com/usr2
- #
- # Create the user's home volume
- #
- V user.$USER $SERVER.abc.com /vicep$PART 5000 /afs/.abc.com/$AUTO/$USER \
- $UID $USER all abc:staff rl
- #
- # Create directories and files for mail
- #
- D $MTPT/.MESSAGES 0700 $UID $USER all abc:staff none
- D $MTPT/.Outgoing 0700 $UID $USER rlidwk postman rlidwk
- D $MTPT/Mailbox 0700 $UID $USER all abc:staff none system:anyuser lik
- #
- # Here are some useful scripts for login etc.
- #
- F $MTPT/.Xbiff 0755 $UID /afs/abc.com/admin/user/proto
- F $MTPT/.Xresources 0644 $UID /afs/abc.com/admin/user/proto
- F $MTPT/.Xsession 0755 $UID /afs/abc.com/admin/user/proto
- F $MTPT/.cshrc 0755 $UID /afs/abc.com/admin/user/proto
- F $MTPT/.login 0755 $UID /afs/abc.com/admin/user/proto
- F $MTPT/.logout 0755 $UID /afs/abc.com/admin/user/proto
- F $MTPT/.twmrc 0644 $UID /afs/abc.com/admin/user/proto
- F $MTPT/preferences 0644 $UID /afs/abc.com/admin/user/proto
- #
- # Make a passwd entry
- #
- E /afs/.abc.com/common/etc/newaccts/passwd_$USER 0644 root \
- "$USER:X:$UID:11:$NAME:$MTPT:/bin/csh"
- #
- # Put in the standard password/authentication checks
- #
- A $USER 250 noreuse 9 25
- #
- # Create and mount a public volume for the user
- #
- X "create_public_vol $USER $1 $2"
- #
- # Here we set up the symbolic link to public directory
- #
- S /afs/abc.com/public/$USER $MTPT/public
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
-></H2
-><P
->In cells with thousands of user accounts, it often makes sense to distribute the mount points for user volumes into
- multiple parent directories, because placing them all in one directory noticeably slows down directory lookup when a user home
- directory is accessed. A possible solution is to create parent directories that group user home directories alphabetically, or
- that reflect divisions like academic or corporate departments. However, in a really large cell, some such groups can still be
- large enough to slow directory lookup, and users who belong to those groups are unfairly penalized every time they access
- their home directory. Another drawback to groupings that reflect workplace divisions is that you must move mount points when
- users change departmental affiliation.</P
-><P
->An alternative is an even distribution of user home directories into multiple parent directories that do not represent
- workplace divisions. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command suite enables you to define a list of directories by
- placing a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instruction for each one at the top of the template file, and then using the
- $AUTO variable in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field. When the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter encounters the $AUTO variable, it substitutes the directory named by a
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instruction that currently has the fewest entries. (Actually, the $AUTO variable can appear
- in any field that includes a pathname, in any type of instruction. In all cases, the command interpreter substitutes the
- directory that currently has the fewest entries.)</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> G directory
-</PRE
-><P
->where directory specifies either a complete directory pathname or only the final element (the directory itself). The
- choice determines the appropriate value to place in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point
- field.</P
-><P
->Specify the read/write path to each directory, to avoid the failure that results when you attempt to create a new mount
- point in a read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further discussion of the concept
- of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-><P
->For example, the ABC Corporation example template for a full account in <A
-HREF="c24913.html#HDRWQ471"
->Example uss
- Templates</A
-> defines two directories:</P
-><PRE
-CLASS="programlisting"
-> G /afs/.abc.com/usr1
- G /afs/.abc.com/usr2
-</PRE
-><P
->and puts the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$AUTO/$USER</B
-></SPAN
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's
- mount_point field. An alternative with the same result is to define the directories as follows:</P
-><PRE
-CLASS="programlisting"
-> G usr1
- G usr2
-</PRE
-><P
->and specify a more complete pathname in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field:
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/$AUTO/$USER</B
-></SPAN
->. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ473"
->Creating a Volume with the V Instruction</A
-></H2
-><P
->Unless the template file is empty (zero-length), one and only one <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction must
- appear in it. (To create other volumes for a user as part of a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> account-creation
- operation, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instruction to invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
->
- command or a script that invokes that command along with others, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
->
- command. For an example, see <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->.)</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction defines the following AFS entities:</P
-><UL
-><LI
-><P
->A volume and associated VLDB entry</P
-></LI
-><LI
-><P
->The volume's site (file server machine and partition)</P
-></LI
-><LI
-><P
->The volume's mount point in the AFS filespace, which becomes the user's home directory</P
-></LI
-><LI
-><P
->The volume's space quota</P
-></LI
-><LI
-><P
->The home directory's owner, usually the new user</P
-></LI
-><LI
-><P
->The home directory's ACL, which normally at least grants all permissions to the user</P
-></LI
-></UL
-><P
->The following discussion of the fields in a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction refers to the example in the
- full account template from <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
-> (the instruction appears here on two lines
- only for legibility):</P
-><PRE
-CLASS="programlisting"
-> V user.$USER $SERVER.abc.com /vicep$PART 5000 \
- /afs/.abc.com/$AUTO/$USER $UID $USER all abc:staff rl
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> V volume_name server partition quota mount_point owner ACL
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a volume creation instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume_name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the volume's name as recorded in the VLDB.</P
-><P
->To follow the convention of including the user's name as part of the volume name, include the $USER variable in
- this field. The variable takes its value from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or from the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction's
- username field.</P
-><P
->The ABC Corporation example uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.$USER</B
-></SPAN
-> to assign the
- conventional volume name, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
->username. When creating an account for user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
->, for example, you then include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user smith</B
-></SPAN
-> as an
- argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, or place the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> in the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction's username
- field.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to create the new volume. It is best to provide a fully qualified host
- name (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->), but an abbreviated form is acceptable if the cell's
- naming service is available to resolve it at the time the volume is created.</P
-><P
->To place different users' volumes on different file server machines, use the $SERVER variable in this field, and
- provide a value for it either with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or in the server field of the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. One easy way to specify a fully qualified hostname without having to type it
- completely on the command line is to combine a constant and the $SERVER variable. Specifically, the constant specifies
- the domain-name suffix common to all the file server machines.</P
-><P
->In the ABC Corporation example, all of the file server machines in the cell share the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> domain name suffix, so the server field combines a variable and constant: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$SERVER.abc.com</B
-></SPAN
->. To place the new volume on the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->, you then include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server fs1</B
-></SPAN
-> as an argument to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, or place the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1</B
-></SPAN
-> in the
- bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction's server field.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the partition on which to create the user's volume; it must be on the file server machine named in the
- server field. Identify the partition by its complete name (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
->) or
- use one of the abbreviations listed in <A
-HREF="a33826.html#HDRWQ615"
->Rules for Using Abbreviations and
- Aliases</A
->.</P
-><P
->To place different users' volumes on different partitions, use the $PART variable in this field, and provide a
- value for it either with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
-> command or in the partition field of the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
->
- instruction. Because all full partition names start with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
-> string, it is
- convenient to combine that string as a constant with the $PART variable.</P
-><P
->The ABC Corporation example template combines the constant string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
-> and
- the $PART variable in this way, as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep$PART</B
-></SPAN
->. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quota</B
-></SPAN
-></DT
-><DD
-><P
->Sets the maximum number of kilobyte blocks the volume can occupy on the file server machine's disk. It must be
- an integer. If you assign the same quota to all user volumes, specify a constant value. To assign different quotas to
- different volumes, place one of the number variables ($1 through $9) in this field, and provide a value for it either
- with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or in
- the appropriate field of the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction.</P
-><P
->The ABC Corporation example grants a 5000 KB initial quota to every new user. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount_point</B
-></SPAN
-></DT
-><DD
-><P
->Creates a mount point for the volume, which serves as the volume's root directory and the user's home directory.
- By convention, user home directory names include the username, which you can read in by including the $USER variable
- in this field.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to create the
- new mount point in a read-only volume. By convention, you indicate the read/write path by placing a period before the
- cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). If you use the
- $AUTO variable in this field, the directories named by each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> instruction possibly
- already indicate the read/write path. For further discussion of the concept of read/write and read-only paths through
- the filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-><P
->If other parts of the mount point name also vary from user to user, you can use the $MTPT variable in this
- field, and provide a value with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount</B
-></SPAN
-> argument or in the mount_point field of a bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. Note, however, that when the $MTPT variable appears in subsequent instructions
- in the template (usually, in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instructions), it instead takes as its value the complete contents of this field.</P
-><P
->Combine constants and variables based on how you have decided to group home directories together in one or more
- parent directories. Note that the parent directories must already exist before you run a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command that references the template. Possibilities for
- grouping home directories include the following: <UL
-><LI
-><P
->Placing all user home directories in a single parent directory; the name <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> is an AFS-appropriate variation on the
- UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> convention. This choice is most appropriate for a cell with a small
- number of user accounts. The simplest way to implement this choice is to combine a constant string and the $USER
- variable, as in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/usr/$USER</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Distributing home directories evenly into a set of parent directories that do not correspond to workplace
- divisions. This choice is appropriate in cells with tens of thousands of accounts, where the number of home
- directories is large enough to slow directory lookup significantly if they all reside together in one parent
- directory, but distribution according to workplace divisions is not feasible.</P
-><P
->The $AUTO variable is designed to distribute home directories evenly in this manner. As explained in <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter substitutes the directory that is defined by a preceding
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
-> template instruction and that currently has the fewest entries. The example
- ABC Corporation template illustrates this choice by using the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/$AUTO/$USER</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Distributing home directories into multiple directories that reflect divisions like academic or corporate
- departments. Perhaps the simplest way to implement this scheme is to use the $MTPT variable to represent the
- department, as in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.ghi.com/usr/$MTPT/$USER</B
-></SPAN
->. You then provide <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user smith</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount acctg</B
-></SPAN
-> arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command to create the mount point <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.ghi.com/usr/acctg/smith</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Distributing home directories into alphabetic subdirectories of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/a</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/b</B
-></SPAN
-> and so on), based on the first
- letter or letters in the username. The advantage is that knowing the username enables you easily to locate a
- home directory. A potential drawback is that the distribution is not likely to be even, and if there are a large
- number of accounts, then slowed directory lookup unfairly affects users whose names begins with popular
- letters.</P
-><P
->Perhaps the simplest way to implement this scheme is to use the $MTPT variable to represent the letter or
- letters, as in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.jkl.com/usr/$MTPT/$USER</B
-></SPAN
->. Then provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user smith</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount s/m</B
-></SPAN
-> arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command to create the mount point <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.jkl.com/usr/s/m/smith</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username or UID of the user to be designated the mount point's owner in the output from the UNIX
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command. To follow the standard convention for home directory ownership, use
- the $UID variable in this field, as in the ABC Corporation example template. The Protection Server then automatically
- assigns an AFS UID unless you provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or fill in the uid field in the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. (If you are converting existing UNIX accounts, see the discussion of
- additional considerations in <A
-HREF="c24913.html#HDRWQ459"
->Converting Existing UNIX Accounts with uss</A
->.) </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ACL</B
-></SPAN
-></DT
-><DD
-><P
->Sets the ACL on the new home directory. Provide one or more paired values, each pair consisting of an AFS
- username or group name and the desired permissions, in that order (a group name must already exist in the Protection
- Database to be used). Separate the two parts of the pair, and each pair, with a space. For a discussion of the
- available permissions, see <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->.</P
-><P
->At minimum, grant all permissions to the new user by including the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$USER
- all</B
-></SPAN
-> in this field. The File Server automatically grants all permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group as well. You cannot grant permissions to the issuer of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command, because as the last step in account creation the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter automatically deletes that user from any ACLs set during the creation
- process.</P
-><P
->The ABC Corporation example uses the following value to grant all permissions to the new user and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions to the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc:staff</B
-></SPAN
->
- group:</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$USER all abc:staff rl</B
-></SPAN
-></P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ474"
->Creating a Directory with the D Instruction</A
-></H2
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction in the template file creates a directory; there is no limit on the
- number of them in the template. If a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction creates a subdirectory in a new user's
- home directory (its intended use), then it must follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction. Creating a
- directory on the local disk of the machine where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command runs is not recommended for
- the reasons outlined in <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->.</P
-><P
->The following discussion of the fields in a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction refers to one of the examples
- in the full account template in <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->:</P
-><PRE
-CLASS="programlisting"
-> D $MTPT/Mailbox 0700 $UID $USER all abc:staff none system:anyuser lik
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> D pathname mode_bits owner ACL
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a directory creation instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pathname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the directory's full pathname. If it is a subdirectory of the user's home directory, it is simplest to
- use the $MTPT variable to specify the home directory pathname. When the $MTPT variable appears in a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction, it takes its value from the preceding <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->
- instruction's mount_point field (this dependency is why a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction must follow
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction).</P
-><P
->Specify the read/write pathname to the directory, to avoid the failure that results when you attempt to create a
- new directory in a read-only volume. By convention, you indicate the read/write path by placing a period before the
- cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). If you use the
- $MTPT variable in this field, the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field
- possibly already indicates the read/write path. For further discussion of the concept of read/write and read-only
- paths through the filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-><P
->The ABC Corporation example uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$MTPT/Mailbox</B
-></SPAN
-> to place the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mailbox</B
-></SPAN
-> subdirectory in the user's home directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mode_bits</B
-></SPAN
-></DT
-><DD
-><P
->Defines the directory's UNIX mode bits. Acceptable values are the standard three- or four-digit numbers
- corresponding to a combination of permissions. Examples: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0755</B
-></SPAN
-> corresponds to
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rwxr-xr-x</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0644</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rw-r--r--</B
-></SPAN
->. The first (owner) <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->x</B
-></SPAN
-> bit must be turned on to enable
- access to a directory.</P
-><P
->The ABC Corporation example uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0700</B
-></SPAN
-> to set the mode bits on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mailbox</B
-></SPAN
-> subdirectory to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rwxr-----</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username or UID of the user to be designated the directory's owner in the output from the UNIX
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command.</P
-><P
->If the directory resides in AFS, place the $UID variable in this field, as in the ABC Corporation example
- template. The Protection Server then automatically assigns an AFS UID unless you provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or fill in the uid field
- in the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. (If you are converting existing UNIX
- accounts, see the discussion of additional considerations in <A
-HREF="c24913.html#HDRWQ459"
->Converting Existing UNIX
- Accounts with uss</A
->.)</P
-><P
->If the directory resides on the local disk, it is simplest to specify the username or UNIX UID under which you
- are issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command. For a discussion of the complications that arise from
- designating another user, see <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->.
- </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ACL</B
-></SPAN
-></DT
-><DD
-><P
->Sets the ACL on the new directory. Provide one or more paired values, each pair consisting of an AFS username or
- group name and the desired permissions, in that order (a group name must already exist in the Protection Database to
- be used). Separate the two parts of the pair, and each pair, with a space. For a description of the available
- permissions, see <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->.</P
-><P
->At minimum, grant all permissions to the new user by including the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$USER
- all</B
-></SPAN
->. You cannot grant permissions to the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command,
- because as the last step in account creation the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter
- automatically deletes that user from any ACLs set during the creation process. An error message always appears if the
- directory is on the local disk, as detailed in <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and
- Files</A
->.</P
-><P
->The ABC Corporation example uses the following value to grant all permissions to the new user, no permissions to
- the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc:staff</B
-></SPAN
-> group, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lock</B
-></SPAN
->)
- permissions to the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group:</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$USER all abc:staff none system:anyuser lik</B
-></SPAN
-></P
-><P
->It grants such extensive permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group to enable any
- system user (including a mail-delivery daemon) to insert mail into the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mailbox</B
-></SPAN
->
- directory. The absence of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission
- prevents members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group from reading the mail files.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
-></H2
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction in the template file creates a file by copying the contents of an
- existing prototype file; there is no limit on the number of them in the template, and each can refer to a different prototype.
- If an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction creates a file in a new user's home directory or a subdirectory of it
- (the intended use), then it must follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->
- instruction that creates the parent directory. Creating a file on the local disk of the machine where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command runs is not recommended for the reasons detailed in <A
-HREF="c24913.html#HDRWQ470"
->About Creating
- Local Disk Directories and Files</A
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction also creates a file, but the two types of instruction have
- complementary advantages. Files created with an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction can be customized for each
- user, because variables can appear in the field that specifies the contents of the file. In contrast, the contents of a file
- created using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction are the same for every user. An <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> file can be only a single line, however, whereas an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> file can be
- any length.</P
-><P
->The following discussion of the fields in a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction refers to one of the examples
- in the full account template in <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->:</P
-><PRE
-CLASS="programlisting"
-> F $MTPT/.login 0755 $UID /afs/abc.com/admin/user/proto
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> F pathname mode_bits owner prototype_file
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a file creation instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pathname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the full pathname of the file to create, including the filename. If it resides in the user's home
- directory or a subdirectory of it, it is simplest to use the $MTPT variable to specify the home directory pathname.
- When the $MTPT variable appears in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction, it takes its value from the
- preceding <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field (this dependency is why an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction must follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction).</P
-><P
->Specify the read/write path to the file, to avoid the failure that results when you attempt to create a new file
- in a read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). If you use the $MTPT variable
- in this field, the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field possibly already
- indicates the read/write path. For further discussion of the concept of read/write and read-only paths through the
- filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-><P
->The ABC Corporation example uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$MTPT/.login</B
-></SPAN
-> to place a file called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> in the user's home directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mode_bits</B
-></SPAN
-></DT
-><DD
-><P
->Defines the file's UNIX mode bits. Acceptable values are the standard three- or four-digit numbers corresponding
- to a combination of permissions. Examples: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0755</B
-></SPAN
-> corresponds to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rwxr-xr-x</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0644</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rw-r--r--</B
-></SPAN
->.</P
-><P
->The ABC Corporation example uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0755</B
-></SPAN
-> to set the mode bits on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> file to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rwxr-xr-x</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username or UID of the user to be designated the file's owner in the output from the UNIX
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command.</P
-><P
->If the file resides in AFS, place the $UID variable in this field, as in the ABC Corporation example template.
- The Protection Server then automatically assigns an AFS UID unless you provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or fill in the uid field
- in the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. (If you are converting existing UNIX
- accounts, see the discussion of additional considerations in <A
-HREF="c24913.html#HDRWQ459"
->Converting Existing UNIX
- Accounts with uss</A
->.)</P
-><P
->If the file resides on the local disk, it is simplest to specify the username or UNIX UID under which you are
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command. For a discussion of the complications that arise from
- designating another user, see <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->prototype_file</B
-></SPAN
-></DT
-><DD
-><P
->Names the AFS or local directory that houses the prototype file to copy. The prototype file's name must match
- the final element in the pathname field.</P
-><P
->The ABC Corporation example references a prototype file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> in the
- directory <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/admin/user/proto</B
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ476"
->Creating One-Line Files with the E Instruction</A
-></H2
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction in the template file creates a file by echoing a specified single
- line into it; there is no limit on the number of them in the template. If an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction
- creates a file in a new user's home directory or a subdirectory of it (the intended use), then it must follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction that creates the parent directory. Creating a file
- on the local disk of the machine where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command runs is not recommended for the
- reasons detailed in <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction also creates a file, but the two types of instruction have
- complementary advantages. Files created with an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction can be customized for each
- user, because variables can appear in the field that specifies the contents of the file. The command interpreter replaces the
- variables with appropriate values before creating the file. In contrast, the contents of a file created using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> instruction are the same for every user. An <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> file can be only a
- single line, however, whereas an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
-> file can be any length.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction is particularly suited to creating an entry for the new user in the
- cell's common source password file, which is then copied to client machines to serve as the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent). The following discussion of the fields refers to an example of this type of
- use, from the ABC Corporation's full account template shown in <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->. For
- further discussion of how to incorporate the files created in this way into a common source password file, see <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password File</A
->.</P
-><PRE
-CLASS="programlisting"
-> E /afs/.abc.com/common/etc/newaccts/passwd_$USER 0644 root \
- "$USER:X:$UID:11:$NAME:$MTPT:/bin/csh"
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> E pathname mode_bits owner "contents"
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a file creation instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pathname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the full pathname of the file to create, including the filename. It can include variables. If it
- resides in the user's home directory or a subdirectory of it, it is simplest to use the $MTPT variable to specify the
- home directory pathname. When the $MTPT variable appears in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction, it
- takes its value from the preceding <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field (this dependency
- is why an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction must follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->
- instruction.)</P
-><P
->Specify the read/write path to the file, to avoid the failure that results when you attempt to create a new file
- in a read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). If you use the $MTPT variable
- in this field, the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field possibly already
- indicates the read/write path. For further discussion of the concept of read/write and read-only paths through the
- filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-><P
->The ABC Corporation example writes the file created by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
-> instruction to
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/common/etc/newaccts</B
-></SPAN
-> directory, naming it after the new user:</P
-><PRE
-CLASS="programlisting"
-> /afs/.abc.com/common/etc/newaccts/passwd_$USER
-</PRE
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mode_bits</B
-></SPAN
-></DT
-><DD
-><P
->Defines the file's UNIX mode bits. Acceptable values are the standard three- or four-digit numbers corresponding
- to a combination of permissions. Examples: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0755</B
-></SPAN
-> corresponds to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rwxr-xr-x</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0644</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rw-r--r--</B
-></SPAN
->.</P
-><P
->The ABC Corporation example uses the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0644</B
-></SPAN
-> to set the mode bits on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd_</B
-></SPAN
->user file to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r-xr--r--</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username or UID of the user to be designated the file's owner in the output from the UNIX
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command.</P
-><P
->If the file resides in AFS and is to be owned by the user, place the $UID variable in this field. The Protection
- Server then automatically assigns an AFS UID unless you provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command or fill in the uid field in the bulk input file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. (If you are converting existing UNIX accounts, see the discussion of
- additional considerations in <A
-HREF="c24913.html#HDRWQ459"
->Converting Existing UNIX Accounts with uss</A
->.)</P
-><P
->If the file resides on the local disk, specify the username or UNIX UID under which you are issuing the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command. For a discussion of the complications that arise from designating
- another user, see <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->.</P
-><P
->The ABC Corporation example is creating an AFS file intended for incorporation into the common password file,
- rather than for direct use by the new user. It therefore designates the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> as the owner of the new file. Designating an alternate owner on an AFS file does not
- introduce complications: issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command on AFS files requires membership
- in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, but the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command is necessarily authenticated as a member of that group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->contents</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the one-line character string to write into the new file. Surround it with double quotes if it
- contains one or more spaces. It cannot contain the newline character, but can contain any of the standard variables,
- which the command interpreter resolves as it creates the file.</P
-><P
->The ABC Corporation example has the following value in the contents field, to create a password file
- entry:</P
-><PRE
-CLASS="programlisting"
-> $USER:X:$UID:10:$NAME:$MTPT:/bin/csh
-</PRE
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ477"
->Creating Links with the L and S Instructions</A
-></H2
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> instruction in the template file creates a hard link between two files, as
- achieved by the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln</B
-></SPAN
-> command. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instruction
- creates a symbolic link between two files, as achieved by the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln -s</B
-></SPAN
-> command. An
- explanation of links is beyond the scope of this document, but the basic effect in both cases is to create a second name for
- an existing file, so that it can be accessed via either name. Creating a link does not create a second copy of the
- file.</P
-><P
->There is no limit on the number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instructions
- in a template file. If the link is in a new user's home directory or a subdirectory of it (the intended use), then it must
- follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
-> instruction that creates the parent
- directory, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instruction that creates the file being linked to. Creating a file on the local disk of the machine
- where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command runs is not recommended, for the reasons detailed in <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->.</P
-><P
->Note that AFS allows hard links only between files that reside in the same directory. This restriction is necessary to
- eliminate the confusion that results from associating two potentially different ACLs (those of the two directories) with the
- same file. Symbolic links are legal between two files that reside in different directories and even in different volumes. The
- ACL on the actual file applies to the link as well.</P
-><P
->You do not set the owner or mode bits on a link created with an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instruction, as you do for directories or files. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command
- interpreter automatically records the UNIX UID of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command's issuer as the owner, and
- sets the mode bits to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lrwxrwxrwx</B
-></SPAN
-> (777).</P
-><P
->The following discussion of the fields in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
->
- instruction refers to an example in the full account template from <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->,
- namely</P
-><PRE
-CLASS="programlisting"
-> S /afs/abc.com/public/$USER $MTPT/public
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instructions' syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> L existing_file link
- S existing_file link
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a hard link creation instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a symbolic link creation instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->existing_file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of the existing file. If it resides in the user's home directory or a
- subdirectory of it, it is simplest to use the $MTPT variable to specify the home directory pathname. When the $MTPT
- variable appears in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instruction, it takes
- its value from the preceding <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field (this dependency is
- why the instruction must follow the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction).</P
-><P
->Do not create a symbolic link to a file whose name begins with the number sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->#</B
-></SPAN
->) or percent sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->%</B
-></SPAN
->). When the Cache Manager reads a
- symbolic link whose contents begin with one of those characters, it interprets it as a regular or read/write mount
- point, respectively.</P
-><P
->The ABC Corporation example creates a link to the publicly readable volume created and mounted by a preceding
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instruction, by specifying the path to its mount point:</P
-><PRE
-CLASS="programlisting"
-> /afs/abc.com/public/$USER
-</PRE
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->link</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of the second name for the file. If it resides in the user's home directory or a
- subdirectory of it, it is simplest to use the $MTPT variable to specify the home directory pathname.</P
-><P
->Specify the read/write path to the link, to avoid the failure that results when you attempt to create a new link
- in a read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). If you use the $MTPT variable
- in this field, the value in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field possibly already
- indicates the read/write path. For further discussion of the concept of read/write and read-only paths through the
- filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-><P
->The ABC Corporation example creates a link called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->public</B
-></SPAN
-> in the user's home
- directory:</P
-><PRE
-CLASS="programlisting"
-> $MTPT/public
-</PRE
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ478"
->Increasing Account Security with the A Instruction</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction in the template file enhances cell security by imposing the following
- restrictions on users' password choice and authentication attempts. <UL
-><LI
-><P
->Limiting the user's password lifetime. When the lifetime expires, the user can no longer use the password to
- authenticate and must change it.</P
-></LI
-><LI
-><P
->Prohibiting the reuse of the user's 20 most-recently used passwords.</P
-></LI
-><LI
-><P
->Limiting the number of consecutive times that a user can provide an incorrect password during authentication, and
- for how long the Authentication Server refuses further authentication attempts after the limit is exceeded (referred to
- as an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->account lockout</I
-></SPAN
->). For regular user accounts in most cells, the recommended limit is nine and
- lockout time is 25 minutes.</P
-></LI
-></UL
-></P
-><P
->The following discussion of the fields in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction refers to the example in the
- full account template from <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->, which sets a password lifetime of 250 days,
- prohibits reuse of passwords, limits the number of failed authentication attempts to nine, and creates a lockout time of 25
- minutes if the authentication limit is exceeded:</P
-><PRE
-CLASS="programlisting"
-> A $USER 250 noreuse 9 25
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> A username password_lifetime password_reuse failures locktime
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-></DT
-><DD
-><P
->Indicates a security enhancing instruction.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->username</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry on which to impose security restrictions. Use the $USER variable to read
- in the username from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
->
- argument, or from the username field of an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction in the bulk input file.
- The ABC Corporation example uses this value.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->password_lifetime</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of days after the user's password is changed that it remains valid. When the password becomes
- invalid (expires), the user is unable to authenticate, but has 30 more days in which to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command to change the password (after that, only an administrator can change
- it).</P
-><P
->Specify an integer from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->254</B
-></SPAN
-> to specify the number of days until expiration, the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> to indicate that the password never expires, or the value $PWEXPIRES to read in the number of
- days from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command's
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> argument. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction does not
- appear in the template file, by default the user's password never expires.</P
-><P
->The ABC Corporation example sets a password lifetime of 250 days.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->password_reuse</B
-></SPAN
-></DT
-><DD
-><P
->Determines whether or not the user can change his or her password (using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command) to one that is similar to
- any of his or her last 20 passwords. The acceptable values are <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->reuse</B
-></SPAN
-> to allow reuse
- and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->noreuse</B
-></SPAN
-> to prohibit it. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction
- does not appear in the template file, the default is to allow password reuse.</P
-><P
->The ABC Corporation example prohibits password reuse.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->failures</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of consecutive times the user can provide an incorrect password during authentication (using the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command or a login utility that grants AFS tokens). When the user exceeds the
- limit, the Authentication Server rejects further authentication attempts for the amount of time specified in the
- locktime field.</P
-><P
->Specify an integer from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->254</B
-></SPAN
-> to specify the number of failures permitted, or the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> to indicate that there is no limit to the number of unsuccessful attempts. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction does not appear in the template file, the default is to allow an unlimited number
- of failures.</P
-><P
->The ABC Corporation example sets the limit to nine failed attempts.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->locktime</B
-></SPAN
-></DT
-><DD
-><P
->Specifies how long the Authentication Server refuses authentication attempts from a user who has exceeded the
- failure limit set in the failures field.</P
-><P
->Specify a number of hours and minutes (hh:mm) or minutes only (mm), from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->01</B
-></SPAN
-> (one minute) through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->36:00</B
-></SPAN
-> (36 hours). The Authentication
- Server automatically reduces any larger value to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->36:00</B
-></SPAN
-> and also rounds up any nonzero
- value to the next highest multiple of 8.5 minutes. A value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) sets an
- infinite lockout time, in which case an administrator must always issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- unlock</B
-></SPAN
-> command to unlock the account.</P
-><P
->The ABC Corporation example sets the lockout time to 25 minutes, which is rounded up to 25 minutes 30 seconds
- (the next highest multiple of 8.5 minutes).</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ479"
->Executing Commands with the X Instruction</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instruction in the template file executes a command, which can be a standard UNIX
- command, a shell script or program, or an AFS command. The command string can include standard template variables, and any
- number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instructions can appear in a template file. If an instruction manipulates an
- element created by another instruction, it must appear after that instruction.</P
-><P
->The following discussion of the field in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instruction refers to the example in the
- full account template from <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->:</P
-><PRE
-CLASS="programlisting"
-> X "create_public_vol $USER $1 $2"
-</PRE
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> X "command"
-</PRE
-><P
->where command specifies the command to execute. Surround it with double quotes if it contains spaces. The command string
- can contain any of the standard variables, which the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter resolves before
- passing the command on to the appropriate other command interpreter, but it cannot contain newline characters.</P
-><P
->The ABC Corporation example invokes a script called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create_public_vol</B
-></SPAN
->, which creates
- another volume associated with the new user and mounts it in a publicly readable part of the ABC Corporation's
- filespace:</P
-><PRE
-CLASS="programlisting"
-> "create_public_vol $USER $1 $2"
-</PRE
-><P
->It uses the $USER variable to read in the username and make it part of both the volume name and mount point name. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command issuer supplies a file server machine name for the $1 variable and a partition
- name for the $2 variable, to specify the site for the new volume. </P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ480"
->Creating Individual Accounts with the uss add Command</A
-></H1
-><P
->After you have created a template file, you can create an individual account by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
-> command (for template creation instructions see <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template
- File</A
->). When you issue the command, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter contacts various AFS
- servers to perform the following actions: <UL
-><LI
-><P
->Create a Protection Database entry. By default, the Protection Server assigns an AFS UID which becomes the value of
- the $UID variable used in the template.</P
-></LI
-><LI
-><P
->Create an Authentication Database entry, recording an encrypted version of the initial password.</P
-></LI
-><LI
-><P
->Create the account components defined in the indicated template file, contacting the File Server, Volume Server, and
- Volume Location (VL) Server as necessary.</P
-></LI
-></UL
-></P
-><P
->To review which types of instructions to include in a template to create different file system objects, see <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template File</A
->. If the template is empty, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
-> command creates an authentication-only account consisting of Protection Database and Authentication Database
- entries.</P
-><P
->When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, provide a value for each variable in the template
- file by including the corresponding command-line argument. If you fail to supply a value for a variable, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter substitutes a null string, which usually causes the account creation to fail. If
- you include a command line argument for which the corresponding variable does not appear in the template, it is ignored.</P
-><P
-><A
-HREF="c24913.html#TBLWQ481"
->Table 4</A
-> summarizes the mappings between variables and the arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command. It is adapted from <A
-HREF="c24913.html#TBLWQ466"
->Table 3</A
->, but includes only those
- variables that take their value from command line arguments.</P
-><DIV
-CLASS="table"
-><A
-NAME="TBLWQ481"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="20*"><COL
-WIDTH="80*"><THEAD
-><TR
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Variable</B
-></SPAN
-></TH
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Command-line Argument</B
-></SPAN
-></TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
->$MTPT</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount</B
-></SPAN
-> (for occurrence in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
->
- instruction)</TD
-></TR
-><TR
-><TD
->$NAME</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-realname</B
-></SPAN
-> if provided; otherwise <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->$PART</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->$PWEXPIRES</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->$SERVER</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->$UID</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> if provided; otherwise allocated by Protection Server</TD
-></TR
-><TR
-><TD
->$USER</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->$1 through $9</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-><P
-><B
->Table 4. Command-line argument sources for uss template variables</B
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ483"
->To create an AFS account with the uss add command</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Authenticate as an AFS identity with all of the following privileges. In the conventional configuration, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user account has them, or you possibly have a personal administrative account. (To
- increase cell security, it is best to create special privileged accounts for use only while performing administrative
- procedures; for further discussion, see <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
->.) If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> admin_user
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-><P
->The following list specifies the necessary privileges and indicates how to check that you have them.</P
-><UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To
- display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the
- users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the Authentication Database entry. However, the
- Authentication Server always prompts you for a password in order to perform its own authentication. The following
- instructions direct you to specify the administrative identity on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command
- line itself.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on the ACL of the directory in which
- you are mounting the user's volume. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which
- is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Log in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.
- This is necessary only if you are creating new files or directories in the local file system and want to designate an
- alternate owner as the object is created. For a discussion of the issues involved, see <A
-HREF="c24913.html#HDRWQ470"
->About
- Creating Local Disk Directories and Files</A
->.</P
-></LI
-><LI
-><P
->Verify the location and functionality of the template file you are using. For a description of where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter expects to find the template, see <A
-HREF="c24913.html#HDRWQ468"
->Where to Place
- Template Files</A
->. You can always provide an alternate pathname if you wish. Also note the variables used in the
- template, to be sure that you provide the corresponding arguments on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command
- line.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ484"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Change to the directory where the template
- resides. This affects the type of pathname you must type in Step <A
-HREF="c24913.html#LIWQ485"
->6</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd</B
-></SPAN
-> template_directory
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag to preview the creation of the account. Note any error messages and correct
- the cause before reissuing the command without the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag. The next step describes
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command's syntax. For more information on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag, see <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted
- Operations</A
->. </P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ485"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command to create the account. Enter the
- command on a single line; it appears here on multiple lines only for legibility.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> operation creates an Authentication Database entry. The Authentication
- Server performs its own authentication rather than accepting your existing AFS token. By default, it authenticates your
- local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry. To verify that an entry has the flag, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->login name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->administrator to authenticate</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-realname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->full name in quotes</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pass</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->initial passwd</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->password expires in [0..254] days (0 =</VAR
->> never)>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->FileServer for home volume</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->FileServer's disk partition for home volume</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->home directory mount point</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->uid to assign the user</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->pathname of template file</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->auxiliary argument pairs (Numval)</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
->]
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ad</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Names the user's Authentication Database and Protection Database entries. Because it becomes the username
- (the name under which a user logs in), it must obey the restrictions that many operating systems impose on
- usernames (usually, to contain no more than eight lowercase letters). Also avoid the following characters: colon
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->), semicolon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->;</B
-></SPAN
->), comma (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->,</B
-></SPAN
->), at sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@</B
-></SPAN
->), space, newline, and the period (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->), which is conventionally used only in special administrative names.</P
-><P
->This argument provides the value for the $USER variable in the template file. For suggestions on
- standardizing usernames, see <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account
- Components</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-realname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the user's actual full name. If it contains spaces or punctuation, surround it with double quotes.
- If you do not provide it, it defaults to the username provided with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
->
- argument.</P
-><P
->This argument provides the value for the $NAME variable in the template file. For information about using
- this argument and variable as part of an automated process for creating entries in a local password file such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
->, see <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password
- File</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pass</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the user's initial password. Although the AFS commands that handle passwords accept strings of
- virtually unlimited length, it is best to use a password of eight characters or less, which is the maximum length
- that many applications and utilities accept.</P
-><P
->Possible choices for initial passwords include the username, a string of digits such as those from a Social
- Security number, or a standard string such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->changeme</B
-></SPAN
->, which is the default if
- you do not provide this argument. There is no corresponding variable in the template file.</P
-><P
->Instruct users to change their passwords to a truly secret string as soon as they authenticate with AFS for
- the first time. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS User Guide</I
-></SPAN
-> explains how to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command to change an AFS password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of days after a user's password is changed that it remains valid. Provide an integer from
- the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->254</B
-></SPAN
-> to specify the number of
- days until expiration, or the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> to indicate that the password never expires
- (the default if you do not provide this argument). When the password becomes invalid (expires), the user is unable
- to authenticate, but has 30 more days in which to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command to
- change the password; after that, only an administrator can change it.</P
-><P
->This argument provides the value for the $PWEXPIRES variable in the template file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to create the new user's home volume. It is best to provide a fully
- qualified hostname (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->), but an abbreviated form is
- acceptable provided that the cell's naming service is available to resolve it when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command.</P
-><P
->This argument provides the value for the $SERVER variable in the template file. To avoid having to type a
- fully qualified hostname on the command line, combine the $SERVER variable with a constant (for example, the
- cell's domain name) in the server field of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction in the template
- file. For an example, see <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the partition on which to create the user's home volume; it must be on the file server machine
- named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument. Identify the partition by its complete name (for
- example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
->), or use one of the abbreviations listed in <A
-HREF="a33826.html#HDRWQ615"
->Rules for Using Abbreviations and Aliases</A
->.</P
-><P
->This argument provides the value for the $PART variable in the template file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mount</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname for the user's home directory in the cell's read/write filespace. Partial pathnames
- are interpreted relative to the current working directory.</P
-><P
->This argument provides the value for the $MTPT variable in the template file, but only when it appears in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point field. When the $MTPT variable appears in any
- subsequent instructions, it takes its value from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's mount_point
- field, rather than directly from this argument. For more details, and for suggestions about how to use this
- argument and the $MTPT variable, see <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V
- Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a positive integer other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero) to assign as the user's
- AFS UID. It is best to omit this argument and allow the Protection Server to assign an AFS UID that is one greater
- than the current value of the <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> counter. (To display the counter, use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
-> command as described in <A
-HREF="c29323.html#HDRWQ561"
->To display the
- AFS ID counters</A
->.)</P
-><P
->If you have a reason to use this argument (perhaps because the user already has a UNIX UID), first use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to verify that there is no existing account with the desired
- AFS UID; if there is, the account creation process terminates with an error.</P
-><P
->This argument provides the value for the $UID variable in the template file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of the template file. If you omit this argument, the command interpreter searches for
- a template file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss.template</B
-></SPAN
-> in each of the following directories in turn:
- <OL
-TYPE="a"
-><LI
-><P
->The current working directory</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/uss</B
-></SPAN
->, where
- cellname names the local cell</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc</B
-></SPAN
-></P
-></LI
-></OL
-></P
-><P
->If you specify a filename other than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss.template</B
-></SPAN
-> but without a pathname,
- the command interpreter searches for it in the indicated directories. If you provide a full or partial pathname,
- the command interpreter consults the specified file only; it interprets partial pathnames relative to the current
- working directory.</P
-><P
->If the specified template file is empty (zero-length), the command creates Protection and Authentication
- Database entries only.</P
-><P
->To learn how to construct a template file, see <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template
- File</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-var</B
-></SPAN
-></DT
-><DD
-><P
->Specifies values for each of the number variables $1 through $9 that can appear in the template file. You
- can use the number variables to assign values to variables in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> template
- file that are not part of the standard set.</P
-><P
->For each instance of this argument, provide two parts in the indicated order, separated by a space:
- <UL
-><LI
-><P
->The integer from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->9</B
-></SPAN
-> that matches the variable in the template file. Do not precede it with a dollar
- sign.</P
-></LI
-><LI
-><P
->A string of alphanumeric characters to assign as the value of the variable.</P
-></LI
-></UL
-></P
-><P
->To learn about suggested uses for the number variables, see the description of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction's quota field in <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V
- Instruction</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-></DT
-><DD
-><P
->Reports actions that the command interpreter needs to perform to run the command, without actually
- performing them.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-></DT
-><DD
-><P
->Overwrites any directories, files, and links that exist in the file system and for which there are
- definitions in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instructions
- in the template file named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-> argument. If you omit this flag, the
- command interpreter prompts you once for confirmation that you want to overwrite all such elements.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If the new user home directory resides in a replicated volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
->
- command to release the volume, as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a
- read-only volume)</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This step can be necessary even if the home directory's parent directory is not itself a mount point for a
- replicated volume (and is easier to overlook in that case). For example, the ABC Corporation template puts the mount
- points for user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. Because that is a regular
- directory rather than a mount point, it resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume mounted at the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> directory. That volume is replicated, so after changing it by creating a
- new mount point the administrator must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
->Create an entry for the new user in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or
- equivalent) on each AFS client machine that he or she can log into. For suggestions on automating this step, see <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password File</A
->.</P
-><P
->Even if you do not use the automated method, set the user's UNIX UID to match the AFS UID assigned automatically by
- the Protection Server or assigned with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument. The new user's AFS UID appears
- in the trace produced by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> output, or you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- examine</B
-></SPAN
-> command to display it, as described in <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database
- entry</A
->.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ486"
->Deleting Individual Accounts with the uss delete Command</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command deletes an AFS user account according to the arguments you provide
- on the command line; unlike the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, it does not use a template file. When you
- issue the command, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command interpreter contacts various AFS servers to perform the
- following actions: <UL
-><LI
-><P
->Remove the mount point for the user's home volume</P
-></LI
-><LI
-><P
->Remove the user's home volume and delete the associated VLDB entry, unless you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-savevolume</B
-></SPAN
-> flag</P
-></LI
-><LI
-><P
->Delete the user's Authentication Database entry</P
-></LI
-><LI
-><P
->Delete the user's Protection Database entry</P
-></LI
-></UL
-></P
-><P
->Before issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command, you can also perform the following optional tasks:
- <UL
-><LI
-><P
->Copy the user's home volume to tape or another permanent medium and record the username and UID on a reserved list.
- This information enables you to restore the user's account easily if he or she returns to your cell. For information about
- using the AFS Backup System to back up volumes, see <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-> and
- <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-></LI
-><LI
-><P
->If the user has exclusive use of any other volumes (such as a volume for storing project-related data), make a
- backup copy of each one and then remove it and its mount point as instructed in <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes
- and their Mount Points</A
->.</P
-></LI
-><LI
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to display any groups that the user owns;
- instructions appear in <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->. Decide whether to use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command to remove the groups or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- chown</B
-></SPAN
-> command to transfer ownership to another user or group. Instructions appear in <A
-HREF="c29323.html#HDRWQ553"
->To delete Protection Database entries</A
-> and <A
-HREF="c29323.html#HDRWQ555"
->To change a group's
- owner</A
->. Alternatively, you can have the user remove or transfer ownership of the groups before leaving. A group that
- remains in the Protection Database after its owner is removed is considered orphaned, and only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can administer it.</P
-></LI
-></UL
-></P
-><P
->You can automate some of these tasks by including <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exec</B
-></SPAN
-> instructions in the bulk input
- file and using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command to delete the account. See <A
-HREF="c24913.html#HDRWQ488"
->Creating and Deleting Multiple Accounts with the uss bulk Command</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ487"
->To delete an AFS account</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Authenticate as an AFS identity with all of the following privileges. In the conventional configuration, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user account has them, or you possibly have a personal administrative account. (To
- increase cell security, it is best to create special privileged accounts for use only while performing administrative
- procedures; for further discussion, see <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
->.) If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> admin_user
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-><P
->The following list specifies the necessary privileges and indicates how to check that you have them.</P
-><UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To
- display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the
- users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the Authentication Database entry. However, the
- Authentication Server always prompts you for a password in order to perform its own authentication. The following
- instructions direct you to specify the administrative identity on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command
- line itself.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->) permission on the ACL of the
- directory that houses the user's home directory. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-></UL
-></LI
-><LI
-><P
->Consider and resolve the issues discussed in the introduction to this section concerning the continued maintenance
- of a deleted user's account information, owned groups, and volumes.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag to preview the deletion of the account. Note any error messages and correct
- the cause before reissuing the command without the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag. The next step describes
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command's syntax. </P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command to delete the account. Enter the command on a single
- line; it appears here on multiple lines only for legibility.</P
-><P
->The delete operation always removes the user's entry from the Authentication Database. The Authentication Server
- performs its own authentication rather than accepting your existing AFS token. By default, it authenticates your local
- (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry. To verify that an entry has the flag, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->login name</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mountpoint</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->mountpoint for user's volume</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-savevolume</B
-></SPAN
->] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->administrator to authenticate</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
->]
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Names the entry to delete from the Protection and Authentication Databases.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mountpoint</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of the mount point to delete (the user's home directory). Unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-savevolume</B
-></SPAN
-> argument is included, the volume mounted there is also deleted from the file
- server machine where it resides, as is its record from the VLDB. Partial pathnames are interpreted relative to the
- current working directory.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to delete
- a mount point from a read-only volume. By convention, you indicate the read/write path by placing a period before
- the cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For
- further discussion of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-savevolume</B
-></SPAN
-></DT
-><DD
-><P
->Retains the user's volume and VLDB entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-></DT
-><DD
-><P
->Reports actions that the command interpreter needs to perform to run the command, without actually
- performing them.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If the deleted user home directory resided in a replicated volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command to release the volume, as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write
- volume (create a read-only volume)</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This step can be necessary even if the home directory's parent directory is not itself a mount point for a
- replicated volume (and is easier to overlook in that case). For example, the ABC Corporation template puts the mount
- points for user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. Because that is a regular
- directory rather than a mount point, it resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume mounted at the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> directory. That volume is replicated, so after changing it by deleting a
- mount point the administrator must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
->Delete the user's entry from the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of
- each client machine. If you use the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> utility, it is sufficient to remove the
- entry from the common source version of the file. If you intend to reactivate the user's account in the future, it is
- simpler to comment out the entry or place an asterisk (*) in the password field.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ488"
->Creating and Deleting Multiple Accounts with the uss bulk Command</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command allows you to create and delete many accounts at once. Before
- executing the command, you must <UL
-><LI
-><P
->Construct a template if you plan to create any accounts, just as you must do before running the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command. The same template applies to all accounts created by a single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->Construct a bulk input file of instructions that create and delete accounts and execute any related commands, as
- described in <A
-HREF="c24913.html#HDRWQ489"
->Constructing a Bulk Input File</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ489"
->Constructing a Bulk Input File</A
-></H2
-><P
->You can include five types of instructions in a bulk input file: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exec</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
->, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
->. The following sections discuss their uses.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Creating a User Account with the add Instruction</B
-></SPAN
-></P
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction creates a single user account, and so is basically the equivalent
- of issuing one <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command. There is no limit to the number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions in the bulk input file.</P
-><P
->As indicated by the following syntax statement, the order of the instruction's fields matches the order of arguments to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command (though some of the command's arguments do not have a corresponding
- field). Like the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command's arguments, many of the fields provide a value for a
- variable in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> template file. Each instruction must be a single line in the file (have a
- newline character only at its end); it appears on multiple lines here only for legibility.</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> username[<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->full_name][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->initial_password][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->password_expires]
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->file_server][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->partition][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->mount_point][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->uid]
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var1][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var2][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var3][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var4][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var5][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var6][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var7][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var8][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->var9][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->]
-</PRE
-><P
->For a complete description of the acceptable values in each field, see the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss Bulk Input
- File</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->, or the description of the
- corresponding arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command, in <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS
- account with the uss add command</A
->. Following are some basic notes: <UL
-><LI
-><P
->Begin the line with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> only, not <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- add</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Only the first argument, username, is required. It corresponds to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
->
- argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->Do not surround the full_name value with double quotes, even though you must use them around the value for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-realname</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->If you want to omit a value for an argument, indicate an empty field by using two colons with nothing between
- them. Leaving a field empty is acceptable if the corresponding command line argument is optional or if the corresponding
- variable does not appear in the template file. For every field that precedes the last one to which you assign an actual
- value, you must either provide a value or indicate an empty field. It is acceptable, but not necessary, to indicate
- empty fields after the last one in which you assign a value.</P
-></LI
-><LI
-><P
->After the last field, end the line with either a colon and newline character (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
->), or a newline alone.</P
-></LI
-><LI
-><P
->The final nine fields are for assigning values to the number variables ($1 through $9), with the fields listed in
- increasing numerical order. Specify the value only, not the variable number.</P
-></LI
-></UL
-></P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Deleting a User Account with the delete Instruction</B
-></SPAN
-></P
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instruction deletes a single user account, and so is basically the
- equivalent of issuing one <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command. There is no limit to the number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instructions in the bulk input file.</P
-><P
->Like all instructions in the bulk input file, each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instruction must be a single
- line in the file (have a newline character only at its end), even though it can cover multiple lines on a display screen. The
- curly braces (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->{ }</B
-></SPAN
->) indicate two mutually exclusive choices.</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> username<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->mount_point_path[:{ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> }][<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->]
-</PRE
-><P
->For a complete description of the acceptable values in each field, see the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss Bulk Input
- File</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> or the description of the
- corresponding arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command, in <A
-HREF="c24913.html#HDRWQ487"
->To delete an
- AFS account</A
->. Following are some basic notes: <UL
-><LI
-><P
->Begin the line with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> only, not <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- delete</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->The first two arguments, username and mount_point_path, are required. They correspond to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mountpoint</B
-></SPAN
-> arguments to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- delete</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->The third field, which is optional, controls whether the user's home volume is removed from the file server where
- it resides, along with the corresponding VLDB entry. There are three possible values: <UL
-><LI
-><P
->No value treats the volume and VLDB entry according to the prevailing default, which is established by a
- preceding <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> instruction in
- the template file. See the following discussion of those instructions to learn how the default is set.</P
-></LI
-><LI
-><P
->The string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> preserves the volume and VLDB entry, overriding the
- default.</P
-></LI
-><LI
-><P
->The string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> removes the volume and VLDB entry, overriding the
- default.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->After the last field, end the line with either a colon and newline character (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><Return></B
-></SPAN
->), or a newline alone.</P
-></LI
-></UL
-></P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Running a Command or Script with the exec Instruction</B
-></SPAN
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exec</B
-></SPAN
-> instruction runs the indicated AFS command, compiled program, or UNIX shell
- script or command. The command processor assumes the AFS and local identities of the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- bulk</B
-></SPAN
-> command, who must have the privileges required to run the command.</P
-><P
->The instruction's syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exec</B
-></SPAN
-> command
-</PRE
-><P
->It is not necessary to surround the command string with double quotes (" ") or other delimiters.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Setting the Default Treatment of Volumes with the delvolume and savevolume
- Instructions</B
-></SPAN
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> instructions set the
- default treatment of volumes referenced by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instructions that follow them in the
- bulk input file. Their syntax is as follows:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
->
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
->
- </PRE
-><P
->Both instructions are optional and take no arguments. If neither appears in the bulk input file, then by default all
- volumes and VLDB entries referenced by <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instructions are removed. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> instruction appears in the file, it prevents the removal of the volume and VLDB entry
- referenced by all subsequent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instructions in the file. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> instruction explicitly establishes the default (which is deletion) for subsequent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instructions.</P
-><P
->The effect of either instruction lasts until the end of the bulk input file, or until its opposite appears. To override
- the prevailing default for a particular <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instruction, put the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> string in the instruction's third field. (You
- can also use multiple instances of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> instructions to toggle back and forth between default preservation and deletion of
- volumes.)</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_570"
->Example Bulk Input File Instructions</A
-></H2
-><P
->To create an authentication-only account, use an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction like the following
- example, which includes only the first (username) argument. The user's real name is set to match the username (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anderson</B
-></SPAN
->) and her initial password is set to the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->changeme</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> add anderson
-</PRE
-><P
->The following example also creates an authentication-only account, but sets nondefault values for the real name and
- initial password.</P
-><PRE
-CLASS="programlisting"
-> add smith:John Smith:js_pswd
-</PRE
-><P
->The next two example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions require that the administrator of the ABC
- Corporation cell (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
->) has written a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> template file
- with the following <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction in it:</P
-><PRE
-CLASS="programlisting"
-> V user.$USER $SERVER.abc.com /vicep$PART 10000 /afs/.abc.com/usr/$3/$USER \
- $UID $USER all
-</PRE
-><P
->To create accounts for users named John Smith from the Marketing Department and Pat Jones from the Finance Department,
- the appropriate <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions in the bulk input file are as follows:</P
-><PRE
-CLASS="programlisting"
-> add smith:John Smith:::fs1:a:::::marketing
- add jones:Pat Jones:::fs3:c:::::finance
-</PRE
-><P
->The new account for Smith consists of Protection and Authentication Database entries called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
->. His initial password is the default string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->changeme</B
-></SPAN
->, and the
- Protection Server generates his AFS UID. His home volume, called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith</B
-></SPAN
->, has a 10,000 KB
- quota, resides on partition <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
-> of file server machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs1.abc.com</B
-></SPAN
->, and is mounted at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/usr/marketing/smith</B
-></SPAN
->. The
- final <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$UID $USER all</B
-></SPAN
-> part of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction gives him
- ownership of his home directory and all permissions on its ACL. The account for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
-> is
- similar, except that it resides on partition <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepc</B
-></SPAN
-> of file server machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs3.abc.com</B
-></SPAN
-> and is mounted at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com/usr/finance/jones</B
-></SPAN
->.</P
-><P
->Notice that the fields corresponding to mount_point, uid, var1, and var2 are empty (between the values
- <SAMP
-CLASS="computeroutput"
->a</SAMP
-> and <SAMP
-CLASS="computeroutput"
->marketing</SAMP
-> on the first example line) because the
- corresponding variables do not appear in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction in the template file. The
- initial_passwd and password_expires fields are also empty.</P
-><P
->If you wish, you can specify values or empty fields for all nine number variables in an <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction. In that case, the bulk input file instructions are as follows:</P
-><PRE
-CLASS="programlisting"
-> add smith:John Smith:::fs1:a:::::marketing::::::
- add jones:Pat Jones:::fs3:c:::::finance::::::
-</PRE
-><P
->The following example is a section of a bulk input file with a number of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->
- instructions and a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> instruction. Because the first three instructions appear before
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> instruction and their third field is blank, the corresponding volumes and VLDB
- entries are removed. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instruction for user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->
- follows the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->savevolume</B
-></SPAN
-> instruction, so her volume is not removed, but the volume for user
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->johnson</B
-></SPAN
-> is, because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delvolume</B
-></SPAN
-> string in the third field
- of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instruction overrides the current default.</P
-><PRE
-CLASS="programlisting"
-> delete smith:/afs/abc.com/usr/smith
- delete pat:/afs/abc.com/usr/pat
- delete rogers:/afs/abc.com/usr/rogers
- savevolume
- delete terry:/afs/abc.com/usr/terry
- delete johnson:/afs/abc.com/usr/johnson:delvolume
-</PRE
-><P
->The following example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exec</B
-></SPAN
-> instruction is useful as a separator between a set of
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions and a set of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> instructions. It
- generates a message on the standard output stream that informs you of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command's
- progress.</P
-><PRE
-CLASS="programlisting"
-> exec echo "Additions completed; beginning deletions..."
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_571"
->To create and delete multiple AFS user accounts</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Authenticate as an AFS identity with all of the following privileges. In the conventional configuration, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user account has them, or you possibly have a personal administrative account. (To
- increase cell security, it is best to create special privileged accounts for use only while performing administrative
- procedures; for further discussion, see <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
->.) If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> admin_user
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-><P
->The following list specifies the necessary privileges and indicates how to check that you have them.</P
-><UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To
- display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the
- users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the Authentication Database entry. However, the
- Authentication Server always prompts you for a password in order to perform its own authentication. The following
- instructions direct you to specify the administrative identity on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command
- line itself.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on the ACL of the parent directory for each volume mount point. If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional.)</B
-></SPAN
-> Log in as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.
- This is necessary only if you are creating new files or directories in the local file system and want to designate an
- alternate owner as the object is created. For a discussion of the issues involved, see <A
-HREF="c24913.html#HDRWQ470"
->About
- Creating Local Disk Directories and Files</A
->.</P
-></LI
-><LI
-><P
->If the bulk input file includes <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions, verify the location and
- functionality of the template you are using. For a description of where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> command
- interpreter expects to find the template, see <A
-HREF="c24913.html#HDRWQ468"
->Where to Place Template Files</A
->. You can
- always provide an alternate pathname if you wish. Also note which variables appear in the template, to be sure that you
- provide the corresponding arguments in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction or on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command line.</P
-></LI
-><LI
-><P
->Create a bulk input file that complies with the rules listed in <A
-HREF="c24913.html#HDRWQ489"
->Constructing a Bulk Input
- File</A
->. It is simplest to put the file in the same directory as the template file you are using.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional.)</B
-></SPAN
-> Change to the directory where the bulk input file and template file
- reside. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd</B
-></SPAN
-> template_directory
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ490"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command to create or delete accounts, or
- both. Enter the command on a single line; it appears here on multiple lines only for legibility.</P
-><P
->The bulk operation always manipulates user entries in the Authentication Database. The Authentication Server
- performs its own authentication rather than accepting your existing AFS token. By default, it authenticates your local
- (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry. To verify that an entry has the flag, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->bulk input file</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->pathname of template file</VAR
->>] \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->administrator to authenticate</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->password expires in [0..254] days (0 =</VAR
->> never)>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pipe</B
-></SPAN
->]
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->b</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bulk</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bulk input file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of the bulk input file. Partial pathnames are interpreted relative to the current
- working directory. For a discussion of the required file format, see <A
-HREF="c24913.html#HDRWQ489"
->Constructing a Bulk
- Input File</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of the template file for any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> commands that
- appear in the bulk input file. Partial pathnames are interpreted relative to the current working directory. For a
- discussion of the required file format, see <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template
- File</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> account. The password prompt
- echoes it as admin_user. Enter the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-></DT
-><DD
-><P
->Reports actions that the command interpreter needs to perform to run the command, without actually
- performing them.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-></DT
-><DD
-><P
->Overwrites any directories, files and links that exist in the file system and for which there are also
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->L</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> instructions in the template file named
- by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-template</B
-></SPAN
-> argument. If this flag is omitted, the command interpreter
- prompts, once for each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction in the bulk input file, for confirmation
- that it is to overwrite such elements. Do not include this flag if there are no <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instructions in the bulk input file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of days after a user's password is changed that it remains valid, for each user named by an
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->add</B
-></SPAN
-> instruction in the bulk input file. Provide an integer from the range
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->254</B
-></SPAN
-> to specify the number of days
- until expiration, or the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> to indicate that the password never expires (the
- default).</P
-><P
->When the password becomes invalid (expires), the user is unable to authenticate, but has 30 more days in
- which to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command to change the password (after that, only an
- administrator can change it).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pipe</B
-></SPAN
-></DT
-><DD
-><P
->Suppresses the Authentication Server's prompt for the password of the issuer or the user named by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument (the Authentication Server always separately authenticates the
- user who is creating or deleting an entry in the Authentication Database). Instead, the command interpreter
- accepts the password as piped input from another program, enabling you to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- bulk</B
-></SPAN
-> command in unattended batch jobs.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If a newly created or deleted user home directory resides in a replicated volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command to release the volume, as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write
- volume (create a read-only volume)</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This step can be necessary even if the home directory's parent directory is not itself a mount point for a
- replicated volume (and is easier to overlook in that case). For example, the ABC Corporation template puts the mount
- points for user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. Because that is a regular
- directory rather than a mount point, it resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume mounted at the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> directory. That volume is replicated, so after changing it by creating or
- deleting a mount point, the administrator must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
->If you are creating accounts, create an entry for the new user in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) on each AFS client machine that he or she can log into. For suggestions
- on automating this step, see <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password File</A
->.</P
-><P
->Even if you do not use the automated method, set the user's UNIX UID to match the AFS UID assigned automatically by
- the Protection Server or assigned with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-uid</B
-></SPAN
-> argument. The new user's AFS UID appears
- in the trace produced by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> output or you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- examine</B
-></SPAN
-> command to display it, as described in <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database
- entry</A
->.</P
-></LI
-><LI
-><P
->If you are deleting accounts, delete the user's entry from the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of each client machine. If you use the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> utility, it is sufficient to remove the entry from the common source version of the file.
- If you intend to reactivate the user's account in the future, it is simpler to comment out the entry or place an asterisk
- (*) in the password field.</P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c27596.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing Users and Groups</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Administering User Accounts</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Administering User Accounts</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"><LINK
-REL="PREVIOUS"
-TITLE="Creating and Deleting User Accounts with the uss Command Suite"
-HREF="c24913.html"><LINK
-REL="NEXT"
-TITLE="Administering the Protection Database"
-HREF="c29323.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c24913.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c29323.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ491"
-></A
->Chapter 13. Administering User Accounts</H1
-><P
-></P
-><P
->This chapter explains how to create and maintain user accounts in your cell.</P
-><P
->The preferred method for creating user accounts is the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> program, which enables you to
- create multiple accounts with a single command. See <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss
- Command Suite</A
->. If you prefer to create each account component individually, follow the instructions in <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ492"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN27610"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="57*"><COL
-WIDTH="43*"><TBODY
-><TR
-><TD
->Create Protection Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create Authentication Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas create</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Mount volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create entry on ACL</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine Protection Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change directory ownership</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/chown</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Limit failed authentication attempts</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Unlock Authentication Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas unlock</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set password lifetime</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Prohibit password reuse</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reuse</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change AFS password</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->List groups owned by user</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Rename Protection Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete Authentication Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas delete</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Rename volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove mount point</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete Protection Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->List volume location</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ494"
->The Components of an AFS User Account</A
-></H1
-><P
->The differences between AFS and the UNIX file system imply that a complete AFS user account is not the same as a UNIX user
- account. The following list describes the components of an AFS account. The same information appears in a corresponding section
- of <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
->, but is repeated here for your
- convenience. <UL
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Protection Database entry</I
-></SPAN
-> defines the username (the name provided when authenticating with
- AFS), and maps it to an AFS user ID (AFS UID), a number that the AFS servers use internally when referencing users. The
- Protection Database also tracks the groups to which the user belongs. For details, see <A
-HREF="c29323.html"
->Administering the Protection Database</A
->.</P
-></LI
-><LI
-><P
->An <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Authentication Database entry</I
-></SPAN
-> records the user's AFS password in a scrambled form suitable
- for use as an encryption key.</P
-></LI
-><LI
-><P
->A home <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume</I
-></SPAN
-> stores all the files in the user's home directory together on a single partition
- of a file server machine. The volume has an associated quota that limits its size. For a complete discussion of volumes,
- see <A
-HREF="c8420.html"
->Managing Volumes</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mount point</I
-></SPAN
-> makes the contents of the user's volume visible and accessible in the AFS
- filespace, and acts as the user's home directory. For more details about mount points, see <A
-HREF="c8420.html#HDRWQ183"
->About
- Mounting Volumes</A
->.</P
-></LI
-><LI
-><P
->Full access permissions on the home directory's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control list (ACL)</I
-></SPAN
-> and ownership of the
- directory (as displayed by the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command) enable the user to manage his or her
- files. For details on AFS file protection, see <A
-HREF="c31274.html"
->Managing Access Control Lists</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->local password file entry</I
-></SPAN
-> (in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> file or
- equivalent) of each AFS client machine enables the user to log in and access AFS files through the Cache Manager. A
- subsequent section in this chapter further discusses local password file entries.</P
-></LI
-><LI
-><P
->Other optional <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->configuration files</I
-></SPAN
-> make the account more convenient to use. Such files help the
- user log in and log out more easily, receive electronic mail, print, and so on.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ495"
->Creating Local Password File Entries</A
-></H1
-><P
->To obtain authenticated access to a cell's AFS filespace, a user must not only have a valid AFS token, but also an entry
- in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of the machine whose Cache Manager is
- representing the user. This section discusses why it is important for the user's AFS UID to match to the UNIX UID listed in the
- local password file, and describes the appropriate value to put in the file's password field.</P
-><P
->One reason to use <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands is that they enable you to generate local password file
- entries automatically as part of account creation. See <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password
- File</A
->.</P
-><P
->Information similar to the information in this section appears in a corresponding section of <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
->, but is repeated here for your
- convenience</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ496"
->Assigning AFS and UNIX UIDs that Match</A
-></H2
-><P
->A user account is easiest to administer and use if the AFS user ID number (AFS UID) and UNIX UID match. All instructions
- in the AFS documentation assume that they do.</P
-><P
->The most basic reason to make AFS and UNIX UIDs the same is so that the owner name reported by the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> commands makes sense for AFS files and directories.
- Following standard UNIX practice, the File Server records a number rather than a username in an AFS file or directory's owner
- field: the owner's AFS UID. When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command, it translates the UID to a
- username according to the mapping in the local password file, not the AFS Protection Database. If the AFS and UNIX UIDs do not
- match, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command reports an unexpected (and incorrect) owner. The output can even
- vary on different client machines if their local password files map the same UNIX UID to different names.</P
-><P
->Follow the recommendations in the indicated sections to make AFS and UNIX UIDs match when creating accounts for various
- types of users: <UL
-><LI
-><P
->If creating an AFS account for a user who already has a UNIX UID, see <A
-HREF="c27596.html#HDRWQ499"
->Making UNIX and AFS
- UIDs Match</A
->.</P
-></LI
-><LI
-><P
->If some users in your cell have existing UNIX accounts but the user for whom you are creating an AFS account does
- not, then it is best to allow the Protection Server to allocate an AFS UID automatically. To avoid overlap of AFS UIDs
- with existing UNIX UIDs, set the Protection Database's <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> counter higher than
- the largest UNIX UID, using the instructions in <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID
- Counters</A
->.</P
-></LI
-><LI
-><P
->If none of your users have existing UNIX accounts, allow the Protection Server to allocate AFS UIDs automatically,
- starting either at its default or at the value you have set for the <SAMP
-CLASS="computeroutput"
->max user id</SAMP
->
- counter.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ497"
->Specifying Passwords in the Local Password File</A
-></H2
-><P
->Authenticating with AFS is easiest for your users if you install and configure an AFS-modified login utility, which logs
- a user into the local file system and obtains an AFS token in one step. In this case, the local password file no longer
- controls a user's ability to login in most circumstances, because the AFS-modified login utility does not consult the local
- password file if the user provides the correct AFS password. You can nonetheless use a password file entry's password field
- (usually, the second field) in the following ways to control login and authentication: <UL
-><LI
-><P
->To prevent both local login and AFS authentication, place an asterisk ( * ) in the field. This is useful mainly in
- emergencies, when you want to prevent a certain user from logging into the machine.</P
-></LI
-><LI
-><P
->To prevent login to the local file system if the user does not provide the correct AFS password, place a character
- string of any length other than the standard thirteen characters in the field. This is appropriate if you want to allow
- only people with local AFS accounts to log into to your machines. A single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> or other
- character is the most easily recognizable way to do this.</P
-></LI
-><LI
-><P
->To enable a user to log into the local file system even after providing an incorrect AFS password, record a
- standard UNIX encrypted password in the field by issuing the standard UNIX password-setting command (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> or equivalent).</P
-></LI
-></UL
-></P
-><P
->If you do not use an AFS-modified login utility, you must place a standard UNIX password in the local password file of
- every client machine the user will use. The user logs into the local file system only, and then must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate with AFS. It is simplest if the passwords in the local password file and
- the Authentication Database are the same, but this is not required. </P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ498"
->Converting Existing UNIX Accounts</A
-></H1
-><P
->This section discusses the three main issues you need to consider if your cell has existing UNIX accounts that you wish to
- convert to AFS accounts.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ499"
->Making UNIX and AFS UIDs Match</A
-></H2
-><P
->As previously mentioned, AFS users must have an entry in the local password file on every client machine from which they
- access the AFS filespace as an authenticated user. Both administration and use are much simpler if the UNIX UID and AFS UID
- match. When converting existing UNIX accounts, you have two alternatives: <UL
-><LI
-><P
->Make the AFS UIDs match the existing UNIX UIDs. In this case, you need to assign the AFS UID yourself by including
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command as you
- create the AFS account.</P
-><P
->Because you are retaining the user's UNIX UID, you do not need to alter the UID in the local password file entry.
- However, if you are using an AFS-modified login utility, you possibly need to change the password field in the entry.
- For a discussion of how the value in the password field affects login with an AFS-modified login utility, see <A
-HREF="c27596.html#HDRWQ497"
->Specifying Passwords in the Local Password File</A
->.</P
-><P
->If now or in the future you need to create AFS accounts for users who do not have an existing UNIX UID, then you
- must guarantee that new AFS UIDs do not conflict with any existing UNIX UIDs. The simplest way is to set the
- <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> counter in the Protection Database to a value higher than the largest
- existing UNIX UID. See <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->.</P
-></LI
-><LI
-><P
->Change the existing UNIX UIDs to match the new AFS UIDs that the Protection Server assigns automatically.</P
-><P
->Allow the Protection Server to allocate the AFS UIDs automatically as you create AFS accounts. You must then alter
- the user's entry in the local password file on every client machine to include the new UID.</P
-><P
->There is one drawback to changing the UNIX UID: any files and directories that the user owned in the local file
- system before becoming an AFS user still have the former UID in their owner field. If you want the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> commands to display the correct owner, you must
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command to change the value to the user's new UID, whether you are
- leaving the file in the local file system or moving it to AFS. See <A
-HREF="c27596.html#HDRWQ501"
->Moving Local Files into
- AFS</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ500"
->Setting the Password Field Appropriately</A
-></H2
-><P
->Existing UNIX accounts already have an entry in the local password file, probably with a (scrambled) password in the
- password field. You possibly need to change the value in the field, depending on the type of login utility you use:
- <UL
-><LI
-><P
->If the login utility is not modified for use with AFS, the actual password must appear (in scrambled form) in the
- local password file entry.</P
-></LI
-><LI
-><P
->If the login utility is modified for use with AFS, choose one of the values discussed in <A
-HREF="c27596.html#HDRWQ497"
->Specifying Passwords in the Local Password File</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ501"
->Moving Local Files into AFS</A
-></H2
-><P
->New AFS users with existing UNIX accounts probably already own files and directories stored in a machine's local file
- system, and it usually makes sense to transfer them into the new home volume. The easiest method is to move them onto the
- local disk of an AFS client machine, and then use the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mv</B
-></SPAN
-> command to transfer them into
- the user's new AFS home directory.</P
-><P
->As you move files and directories into AFS, keep in mind that the meaning of their mode bits changes. AFS ignores the
- second and third sets of mode bits (group and other), and does not use the first set (the owner bits) directly, but only in
- conjunction with entries on the ACL (for details, see <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
->).
- Be sure that the ACL protects the file or directory at least as securely as the mode bits.</P
-><P
->If you have chosen to change a user's UNIX UID to match a new AFS UID, you must change the ownership of UNIX files and
- directories as well. Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command on files and directories once they reside in AFS.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ502"
->Creating AFS User Accounts</A
-></H1
-><P
->There are two methods for creating user accounts. The preferred method--using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
->
- commands--enables you to create multiple accounts with a single command. It uses a template to define standard values for the
- account components that are the same for each user (such as quota), but provide differing values for more variable components
- (such as username). See <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
->.</P
-><P
->The second method involves issuing a separate command to create each component of the account. It is best suited to
- creation of one account at a time, since some of the commands can create only one instance of the relevant component. To review
- the function of each component, see <A
-HREF="c27596.html#HDRWQ494"
->The Components of an AFS User Account</A
->.</P
-><P
->Use the following instructions to create any of the three types of user account, which differ in their levels of
- functionality. For a description of the types, see <A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
->. <UL
-><LI
-><P
->To create an authentication-only account, perform Step <A
-HREF="c27596.html#LIWQ504"
->1</A
-> through Step <A
-HREF="c27596.html#LIWQ507"
->4</A
-> and also Step <A
-HREF="c27596.html#LIWQ514"
->14</A
->. This type of account consists only of entries
- in the Authentication Database and Protection Database.</P
-></LI
-><LI
-><P
->To create a basic account, perform Step <A
-HREF="c27596.html#LIWQ504"
->1</A
-> through Step <A
-HREF="c27596.html#LIWQ510"
->8</A
-> and Step <A
-HREF="c27596.html#LIWQ512"
->11</A
-> through Step <A
-HREF="c27596.html#LIWQ514"
->14</A
->. In
- addition to Authentication Database and Protection Database entries, this type of account includes a volume mounted at the
- home directory with owner and ACL set appropriately.</P
-></LI
-><LI
-><P
->To create a full account, perform all steps in the following instructions. This type of account includes
- configuration files for basic functions such as logging in, printing, and mail delivery, making it more convenient and
- useful. For a discussion of some useful types of configuration files, see <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files
- in New AFS Accounts</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ503"
->To create one user account with individual commands</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LIWQ504"
-></A
->Decide on the value to assign to each of the following account components. If you are
- creating an authentication-only account, you need to pick only a username, AFS UID, and initial password. <UL
-><LI
-><P
->The username. By convention, the names of many components of the user account incorporate this name. For a
- discussion of restrictions and suggested naming schemes, see <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming
- Other Account Components</A
->.</P
-></LI
-><LI
-><P
->The AFS UID, if you want to assign a specific one. It is generally best to have the Protection Server allocate
- one instead, except when you are creating an AFS account for a user who already has an existing UNIX account. In
- that case, migrating the user's files into AFS is simplest if you set the AFS UID to match the existing UNIX UID.
- See <A
-HREF="c27596.html#HDRWQ498"
->Converting Existing UNIX Accounts</A
->.</P
-></LI
-><LI
-><P
->The initial password. Advise the user to change this at the first login, using the password changing
- instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS User Guide</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->The name of the user's home volume. The conventional name is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
->username
- (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->The volume's site (disk partition on a file server machine). Some cells designate certain machines or
- partitions for user volumes only, or it possibly makes sense to place the volume on the emptiest partition that
- meets your other criteria. To display the size and available space on a partition, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- partinfo</B
-></SPAN
-> command, which is fully described in <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write
- Volumes</A
->.</P
-></LI
-><LI
-><P
->The name of the user's home directory (the mount point for the home volume). The conventional location is a
- directory (or one of a set of directories) directly under the cell directory, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
->. For suggestions on how to avoid the
- slowed directory lookup that can result from having large numbers of user home directories in a single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
-> directory, see <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with
- the G Instruction</A
->.</P
-></LI
-><LI
-><P
->The volume's space quota. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command, or accept the default quota of 5000 KB.</P
-></LI
-><LI
-><P
->The ACL on the home directory. By default, the ACL on every new volume grants all seven permissions to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. After volume creation, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to remove the entry if desired, and to grant all seven permissions to the
- user.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ505"
-></A
->Authenticate as an AFS identity with all of the following privileges. In the conventional
- configuration, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user account has them, or you possibly have a personal
- administrative account. (To increase cell security, it is best to create special privileged accounts for use only while
- performing administrative procedures; for further discussion, see <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative
- Privilege</A
->.) If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> admin_user
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-><P
->The following list specifies the necessary privileges and indicates how to check that you have them.</P
-><UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To
- display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the
- users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on your Authentication Database entry. However, the
- Authentication Server performs its own authentication, so in Step <A
-HREF="c27596.html#LIWQ507"
->4</A
-> you specify an
- administrative identity on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command line itself.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permissions on the ACL of the directory where
- you are mounting the user's volume. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which
- is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
->Knowledge of the password for the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><A
-NAME="LIWQ506"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command to create an entry in the
- Protection Database. For a discussion of setting AFS UIDs, see <A
-HREF="c27596.html#HDRWQ496"
->Assigning AFS and UNIX UIDs that
- Match</A
->. If you are converting an existing UNIX account into an AFS account, also see <A
-HREF="c27596.html#HDRWQ498"
->Converting Existing UNIX Accounts</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->> [<<VAR
-CLASS="replaceable"
->user id</VAR
->>]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cu</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->createuser</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->createu</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the user's username (the character string typed at login). It is best to limit the name to eight or
- fewer lowercase letters, because many application programs impose that limit. The AFS servers themselves accept
- names of up to 63 lowercase letters. Also avoid the following characters: colon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->), semicolon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->;</B
-></SPAN
->), comma (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->,</B
-></SPAN
->), at sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@</B
-></SPAN
->), space, newline, and the period (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->), which is conventionally used only in special administrative names.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user id</B
-></SPAN
-></DT
-><DD
-><P
->Is optional and appropriate only if the user already has a UNIX UID that the AFS UID must match. If you do not
- provide this argument, the Protection Server assigns one automatically based on the counter described in <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->. If the ID you specify is less than
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> (one) or is already in use, an error results.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ507"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas create</B
-></SPAN
-> command to create an entry in the
- Authentication Database. To avoid having the user's temporary initial password echo visibly on the screen, omit the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-initial_password</B
-></SPAN
-> argument; instead enter the password at the prompts that appear when
- you omit the argument, as shown in the following syntax specification.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas create</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- initial_password: <<VAR
-CLASS="replaceable"
->initial_password</VAR
->>
- Verifying, please re-enter initial_password: <<VAR
-CLASS="replaceable"
->initial_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the same username as in Step <A
-HREF="c27596.html#LIWQ506"
->3</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->initial_password</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the initial password as a string of eight characters or less, to comply with the length
- restriction that some applications impose. Possible choices for an initial password include the username, a string
- of digits from a personal identification number such as the Social Security number, or a standard string such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->changeme</B
-></SPAN
->. Instruct the user to change the string to a truly secret password as
- soon as possible by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command as described in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM
- AFS User Guide</I
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ508"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command to create the user's volume.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->initial quota (KB)</VAR
->>]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to place the new volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition on which to place the new volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
-></DT
-><DD
-><P
->Names the new volume. The name can include up to 22 characters. By convention, user volume names have the form
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
->username, where username is the name assigned in Step <A
-HREF="c27596.html#LIWQ506"
->3</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-></DT
-><DD
-><P
->Sets the volume's quota, as a number of kilobyte blocks. If you omit this argument, the default is 5000
- KB.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ509"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount the volume in the
- filespace and create the user's home directory. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point to create. A directory of the same name must not already exist. Partial pathnames are
- interpreted relative to the current working directory. By convention, user home directories are mounted in a
- directory called something like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.</B
-></SPAN
->cellname<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
->, and the home directory name matches the username assigned in Step <A
-HREF="c27596.html#LIWQ506"
->3</A
->.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to create
- the new mount point in a read-only volume. By convention, you indicate the read/write path by placing a period
- before the cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->).
- For further discussion of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount Point Traversal</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
-></DT
-><DD
-><P
->Is the name of the volume created in Step <A
-HREF="c27596.html#LIWQ508"
->5</A
->.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> command with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-offlinemsg</B
-></SPAN
-> argument to record auxiliary information about the volume in its volume
- header. For example, you can record who owns the volume or where you have mounted it in the filespace. To display the
- information, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-offlinemsg</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->offline message</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sv</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setvol</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setv</B
-></SPAN
->
- the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point of the volume with which to associate the message. Partial pathnames are interpreted
- relative to the current working directory.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to change a
- read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further discussion of the
- concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount
- Point Traversal</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-offlinemsg</B
-></SPAN
-></DT
-><DD
-><P
->Specifies up to 128 characters of auxiliary information to record in the volume header.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ510"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to set the ACL on the new home
- directory. At the least, create an entry that grants all permissions to the user, as shown.</P
-><P
->You can also use the command to edit or remove the entry that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
->
- command automatically places on the ACL for a new volume's root directory, which grants all permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. Keep in mind that even if you remove the entry, the members of the
- group by default have implicit <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by
- default <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on every ACL, and can
- grant themselves other permissions as required.</P
-><P
->For detailed instructions for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command, see <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> desired_permissions]
-</PRE
-></LI
-><LI
-><P
-><A
-NAME="LIWQ511"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Create configuration files and subdirectories in
- the new home directory. Possibilities include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.logout</B
-></SPAN
-> files, a shell-initialization file such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.cshrc</B
-></SPAN
->, files
- to help with printing and mail delivery, and so on.</P
-><P
->If you are converting an existing UNIX account into an AFS account, you possibly wish to move some files and
- directories into the user's new AFS home directory. See <A
-HREF="c27596.html#HDRWQ498"
->Converting Existing UNIX
- Accounts</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> In the new <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> or shell
- initialization file, define the user's $PATH environment variable to include the directories where AFS binaries are kept
- (for example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/bin</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc</B
-></SPAN
->
- directories).</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ512"
-></A
->In Step <A
-HREF="c27596.html#LIWQ513"
->12</A
-> and Step <A
-HREF="c27596.html#LIWQ514"
->14</A
->, you
- must know the user's AFS UID. If you had the Protection Server assign it in Step <A
-HREF="c27596.html#LIWQ506"
->3</A
->, you
- probably do not know it. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display it.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->e</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Is the username that you assigned in Step <A
-HREF="c27596.html#LIWQ506"
->3</A
->.</P
-></DD
-></DL
-></DIV
-><P
->The first line of the output displays the username and AFS UID. For further discussion and an example of the output,
- see <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ513"
-></A
->Designate the user as the owner of the home directory and any files and subdirectories
- created or moved in Step <A
-HREF="c27596.html#LIWQ511"
->9</A
->. Specify the owner by the AFS UID you learned in Step <A
-HREF="c27596.html#LIWQ512"
->11</A
-> rather than by username. This is necessary for new accounts because the user does not yet have
- an entry in your local machine's password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent). If you are
- converting an existing UNIX account, an entry possibly already exists, but the UID is possibly incorrect. In that case,
- specifying a username means that the corresponding (possibly incorrect) UID is recorded as the owner.</P
-><P
->Some operating systems allow only the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command. If necessary, issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command before the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> new_owner_ID directory
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new_owner_ID</B
-></SPAN
-></DT
-><DD
-><P
->Is the user's AFS UID, which you learned in Step <A
-HREF="c27596.html#LIWQ512"
->11</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the home directory you created in Step <A
-HREF="c27596.html#LIWQ509"
->6</A
->, plus each subdirectory or
- file you created in Step <A
-HREF="c27596.html#LIWQ511"
->9</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If the new user home directory resides in a replicated volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
->
- command to release the volume, as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a
- read-only volume)</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This step can be necessary even if the home directory's parent directory is not itself a mount point for a
- replicated volume (and is easier to overlook in that case). Suppose, for example, that the ABC Corporation puts the
- mount points for user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. Because that is a
- regular directory rather than a mount point, it resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume mounted
- at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> directory. That volume is replicated, so after changing it by
- creating a new mount point the administrator must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ514"
-></A
->Create or modify an entry for the new user in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of each machine the user can log onto. Remember to make the UNIX UID the
- same as the AFS UID you learned in Step <A
-HREF="c27596.html#LIWQ512"
->11</A
->, and to fill the password field appropriately
- (for instructions, see <A
-HREF="c27596.html#HDRWQ497"
->Specifying Passwords in the Local Password File</A
->).</P
-><P
->If you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> utility to distribute a common version of the password file
- to all client machines, then you need to make the change only in the common version. See <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
->.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ515"
->Improving Password and Authentication Security</A
-></H1
-><P
->AFS provides several optional features than can help to protect your cell's filespace against unauthorized access. The
- following list summarizes them, and instructions follow. <UL
-><LI
-><P
->Limit the number of consecutive failed login attempts.</P
-><P
->One of the most common ways for an unauthorized user to access your filespace is to guess an authorized user's
- password. This method of attack is most dangerous if the attacker can use many login processes in parallel or use the RPC
- interfaces directly.</P
-><P
->To protect against this type of attack, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command to limit the number of times that a user can consecutively fail to enter the
- correct password when using either an AFS-modified login utility or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command.
- When the limit is exceeded, the Authentication Server locks the user's Authentication Database entry (disallows
- authentication attempts) for a period of time that you define with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-> argument
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command. If desired, system administrators can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas unlock</B
-></SPAN
-> command to unlock the entry before the complete lockout time passes.</P
-><P
->In certain circumstances, the mechanism used to enforce the number of failed authentication attempts can cause a
- lockout even though the number of failed attempts is less than the limit set by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> argument. Client-side authentication programs such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> and an AFS-modified login utility normally choose an Authentication Server at random for each
- authentication attempt, and in case of a failure are likely to choose a different Authentication Server for the next
- attempt. The Authentication Servers running on the various database server machines do not communicate with each other
- about how many times a user has failed to provide the correct password to them. Instead, each Authentication Server
- maintains its own separate copy of the auxiliary database file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserverauxdb</B
-></SPAN
-> (located in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local</B
-></SPAN
-> directory by default), which records the number of consecutive
- authentication failures for each user account and the time of the most recent failure. This implementation means that on
- average each Authentication Server knows about only a fraction of the total number of failed attempts. The only way to
- avoid allowing more than the number of attempts set by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> argument is to have
- each Authentication Server allow only some fraction of the total. More specifically, if the limit on failed attempts is
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->f</I
-></SPAN
->, and the number of Authentication Servers is <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->S</I
-></SPAN
->, then each Authentication
- Server can only permit a number of attempts equal to <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->f</I
-></SPAN
-> divided by <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->S</I
-></SPAN
-> (the Ubik
- synchronization site for the Authentication Server tracks any remainder, <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->f mod S</I
-></SPAN
->).</P
-><P
->Normally, this implementation does not reduce the number of allowed attempts to less than the configured limit
- (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->f</I
-></SPAN
->). If one Authentication Server refuses an attempt, the client contacts another instance of the
- server, continuing until either it successfully authenticates or has contacted all of the servers. However, if one or more
- of the Authentication Server processes is unavailable, the limit is effectively reduced by a percentage equal to the
- quantity <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->U</I
-></SPAN
-> divided by <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->S</I
-></SPAN
->, where <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->U</I
-></SPAN
-> is the number of
- unavailable servers and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->S</I
-></SPAN
-> is the number normally available.</P
-><P
->To avoid the undesirable consequences of setting a limit on failed authentication attempts, note the following
- recommendations: <UL
-><LI
-><P
->Do not set the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> argument (the limit on failed authentication
- attempts) too low. A limit of nine failed attempts is recommended for regular user accounts, to allow three failed
- attempts per Authentication Server in a cell with three database server machines.</P
-></LI
-><LI
-><P
->Set fairly short lockout times when including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-> argument.
- Although guessing passwords is a common method of attack, it is not a very sophisticated one. Setting a lockout time
- can help discourage attackers, but excessively long times are likely to be more of a burden to authorized users than
- to potential attackers. A lockout time of 25 minutes is recommended for regular user accounts.</P
-></LI
-><LI
-><P
->Do not assign an infinite lockout time on an account (by setting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> [zero]) unless there is a highly
- compelling reason. Such accounts almost inevitably become locked at some point, because each Authentication Server
- never resets the account's failure counter in its copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaauxdb</B
-></SPAN
-> file (in
- contrast, when the lockout time is not infinite, the counter resets after the specified amount of time has passed
- since the last failed attempt to that Authentication Server). Furthermore, the only way to unlock an account with an
- infinite lockout time is for an administrator to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas unlock</B
-></SPAN
-> command. It
- is especially dangerous to set an infinite lockout time on an administrative account; if all administrative accounts
- become locked, the only way to unlock them is to shut down all instances of the Authentication Server and remove the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaauxdb</B
-></SPAN
-> file on each.</P
-></LI
-></UL
-></P
-><P
->In summary, the recommended limit on authentication attempts is nine and lockout time 25 minutes.</P
-></LI
-><LI
-><P
->Limit password lifetime.</P
-><P
->The longer a password is in use, the more time an attacker has to try to learn it. To protect against this type of
- attack, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
->
- command to limit how many days a user's password is valid. The user becomes unable to authenticate with AFS after the
- password expires, but has up to 30 days to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command to set a new password.
- After the 30 days pass, only an administrator who has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the
- Authentication Database entry can change the password.</P
-><P
->If you set a password lifetime, many AFS-modified login utilities (but not the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- command) set the PASSWORD_EXPIRES environment variable to the number of days remaining until the password expires. A
- setting of zero means that the password expires today. If desired, you can customize your users' login scripts to display
- the number of days remaining before expiration and even prompt for a password change when a small number of days remain
- before expiration.</P
-></LI
-><LI
-><P
->Prohibit reuse of passwords.</P
-><P
->Forcing users to select new passwords periodically is not effective if they simply set the new password to the
- current value. To prevent a user from setting a new password to a string similar to any of the last 20 passwords, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reuse</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command.</P
-><P
->If you prohibit password reuse and the user specifies an excessively similar password, the Authentication Server
- generates the following message to reject it:</P
-><PRE
-CLASS="programlisting"
-> Password was not changed because it seems like a reused password
-</PRE
-><P
->A persistent user can try to bypass this restriction by changing the password 20 times in quick succession (or
- running a script to do so). If you believe this is likely to be a problem, you can include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-minhours</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
-> initialization command (for
- details, see the command's reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->. If the user
- attempts to change passwords too frequently, the following message appears.</P
-><PRE
-CLASS="programlisting"
-> Password was not changed because you changed it too recently; see
- your systems administrator
-</PRE
-></LI
-><LI
-><P
->Check the quality of new passwords.</P
-><P
->You can impose a minimum quality standard on passwords by writing a script or program called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
->. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> file exists, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command interpreters invoke it to
- check a new password. If the password does not comply with the quality standard, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> program returns an appropriate code and the command interpreter rejects the
- password.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> file must be executable, must reside in the same AFS directory as the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> binaries, and its directory's ACL must
- grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) permission only to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group.</P
-><P
->If you choose to write a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> program, consider imposing standards such as the
- following. <UL
-><LI
-><P
->A minimum length</P
-></LI
-><LI
-><P
->Words found in the dictionary are prohibited</P
-></LI
-><LI
-><P
->Numbers, punctuation, or both must appear along with letters</P
-></LI
-></UL
-></P
-><P
->The AFS distribution includes an example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> program. See the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_585"
->To limit the number of consecutive failed authentication attempts</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
->
- and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-> arguments.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->maximum successive failed login tries ([0..254])</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->failure penalty [hh:mm or minutes]</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry to edit.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> account. The password prompt
- echoes it as admin_user. Enter the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the maximum consecutive number of times that a user can fail to provide the correct password
- during authentication (via the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command or an AFS-modified login utility)
- before the Authentication Server refuses further attempts for the amount of time specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-> argument. The range of valid values is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero)
- through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->254</B
-></SPAN
->. If you omit this argument or specify <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->, the Authentication Server allows an unlimited number of failures.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locktime</B
-></SPAN
-></DT
-><DD
-><P
->Specifies how long the Authentication Server refuses authentication attempts after the user exceeds the
- failure limit specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-attempts</B
-></SPAN
-> argument.</P
-><P
->Specify a time in either hours and minutes (hh:mm) or minutes only (mm), from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->01</B
-></SPAN
-> (one minute) through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->36:00</B
-></SPAN
-> (36 hours). The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command interpreter automatically reduces any larger value to 36:00 and also rounds up
- each nonzero value to the next-higher multiple of 8.5 minutes.</P
-><P
->It is best not to provide a value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero), especially on administrative
- accounts, because it sets an infinite lockout time. An administrator must always issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas unlock</B
-></SPAN
-> command to unlock such an account.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_586"
->To unlock a locked user account</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command to enter interactive mode.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas -admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- ka>
-</PRE
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> names an administrative account that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as admin_user. Enter the appropriate password as
- admin_password.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(kas) examine</B
-></SPAN
-> command to verify that the user's account is in fact
- locked, as indicated by the message shown: <PRE
-CLASS="programlisting"
-> ka> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->>
- User is locked until time
-</PRE
-> </P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(kas) unlock</B
-></SPAN
-> command to unlock the account. <PRE
-CLASS="programlisting"
-> ka> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlock</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->authentication ID</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->u</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlock</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->authentication ID</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry to unlock.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_587"
->To set password lifetime</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> argument.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->number days password is valid [0..254])</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the Authentication Database entry on which to impose a password expiration.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pwexpires</B
-></SPAN
-></DT
-><DD
-><P
->Sets the number of days after the user's password was last changed that it remains valid. Provide an integer
- from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->254</B
-></SPAN
-> to specify the
- number of days until expiration.</P
-><P
->When the password becomes invalid (expires), the user is unable to authenticate, but has 30 more days in
- which to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
->
- command to change the password (after that, only an administrator can change it). Note that the clock starts at
- the time the password was last changed, not when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command is
- issued. To avoid retroactive expiration, have the user change the password just before issuing the command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_588"
->To prohibit reuse of passwords</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reuse</B
-></SPAN
->
- argument.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reuse</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
-> permit password reuse (yes/no)</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry for which to set the password reuse policy.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-reuse</B
-></SPAN
-></DT
-><DD
-><P
->Specifies whether the Authentication Server allows reuse of passwords similar to any of the user's last 20
- passwords. Specify the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->no</B
-></SPAN
-> to prohibit reuse, or the value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->yes</B
-></SPAN
-> to reinstate the default of allowing password reuse.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ516"
->Changing AFS Passwords</A
-></H1
-><P
->After setting an initial password during account creation, you normally do not need to change user passwords, since they
- can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command themselves by following the instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- User Guide</I
-></SPAN
->. In the rare event that a user forgets the password or otherwise cannot log in, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command to set a new password.</P
-><P
->If entries in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) have actual scrambled
- passwords in their password field, remember to change the password there also. For further discussion, see <A
-HREF="c27596.html#HDRWQ497"
->Specifying Passwords in the Local Password File</A
->. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_590"
->To change an AFS password</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command to change the password. To avoid having the new
- password echo visibly on the screen, omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-new_password</B
-></SPAN
-> argument; instead enter the
- password at the prompts that appear when you omit the argument, as shown.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- new_password: <<VAR
-CLASS="replaceable"
->new_password</VAR
->>
- Verifying, please re-enter new_password: <<VAR
-CLASS="replaceable"
->new_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sp</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setpassword</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setp</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry for which to set the password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new_password</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the user's new password. It is subject to the restrictions imposed by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> program, if you use it.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
-></H1
-><P
->User volumes are like all other volumes with respect to quota. Each new AFS volume has a default quota of 5000 KB, unless
- you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command to
- set a different quota. You can also use either of the following commands to change quota at any time: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setquota</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-></P
-></LI
-></UL
-></P
-><P
->You can use any of the three following commands to display a volume's quota: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-></P
-></LI
-></UL
-></P
-><P
->For instructions, see <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
->. </P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ518"
->Changing Usernames</A
-></H1
-><P
->By convention, many components of a user account incorporate the username, including the Protection and Authentication
- Database entries, the volume name and the home directory name. When changing a username, it is best to maintain consistency by
- changing the names of all components, so the procedure for changing a username has almost as many steps as the procedure for
- creating a new user account.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_593"
->To change a username</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Authenticate as an AFS identity with all of the following privileges. In the conventional configuration, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user account has them, or you possibly have a personal administrative account. (To
- increase cell security, it is best to create special privileged accounts for use only while performing administrative
- procedures; for further discussion, see <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
->.) If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> admin_user
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-><P
->The following list specifies the necessary privileges and indicates how to check that you have them.</P
-><UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To
- display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the
- users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the Authentication Database entry. However, the
- Authentication Server performs its own authentication, so the following instructions direct you to specify an
- administrative identity on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command line itself.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) permissions on the ACL of the directory where you are removing the current mount point
- and creating a new one. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully
- described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><A
-NAME="LIWQ519"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to display the names of the
- groups the user owns. After you change the username in the Protection Database in Step <A
-HREF="c27596.html#LIWQ520"
->3</A
->,
- you must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change each group's owner prefix to match the
- new name, because the Protection Server does not automatically make this change. For a complete description of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command, see <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the
- Protection Database</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ520"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change the user's name in
- the Protection Database. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old name</VAR
->> <<VAR
-CLASS="replaceable"
->new name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change the group names you noted in Step <A
-HREF="c27596.html#LIWQ519"
->2</A
->, so that their owner prefix (the part of the group name before the colon) accurately reflects
- the owner's new name.</P
-><P
->Repeat the command for each group. Step <A
-HREF="c27596.html#LIWQ520"
->3</A
-> details its syntax.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old name</VAR
->> <<VAR
-CLASS="replaceable"
->new name</VAR
->>
-</PRE
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command to enter interactive mode.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas -admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- ka>
-</PRE
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> names an administrative account that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as admin_user. Enter the appropriate password as
- admin_password. </P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(kas) delete</B
-></SPAN
-> command to delete the user's existing Authentication
- Database entry. <PRE
-CLASS="programlisting"
-> ka> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->del</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->, or you can use the alias
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry to delete.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(kas) create</B
-></SPAN
-> command to create an Authentication Database entry for the
- new username. To avoid having the user's password echo visibly on the screen, do not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-initial_password</B
-></SPAN
-> argument; instead enter the password at the prompts that appear in that case, as
- shown in the following syntax specification. <PRE
-CLASS="programlisting"
-> ka> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->>
- initial_password: <<VAR
-CLASS="replaceable"
->password</VAR
->>
- Verifying, please re-enter initial_password: <<VAR
-CLASS="replaceable"
->password</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the new username.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->password</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the password for the new user account. If the user is willing to tell you his or her current
- password, you can retain it. Otherwise, provide a string of eight characters or less to comply with the length
- restriction that some applications impose. Possible choices for an initial password include the username, a string
- of digits from a personal identification number such as the Social Security number, or a standard string such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->changeme</B
-></SPAN
->. Instruct the user to change the string to a truly secret password as soon
- as possible by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command as instructed in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- User Guide</I
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quit</B
-></SPAN
-> command to leave interactive mode. <PRE
-CLASS="programlisting"
-> ka> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quit</B
-></SPAN
->
-</PRE
-> </P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ521"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-> command to change the name of the
- user's volume. For complete syntax, see <A
-HREF="c8420.html#HDRWQ246"
->To rename a volume</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old volume name</VAR
->> <<VAR
-CLASS="replaceable"
->new volume name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ522"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command to remove the existing mount
- point. For the directory argument, specify the read/write path to the mount point, to avoid the failure that results when
- you attempt to delete a mount point from a read-only volume. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ523"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to create a mount point for the
- volume's new name. Specify the read/write path to the mount point for the directory argument, as in the previous step. For
- complete syntax, see Step <A
-HREF="c27596.html#LIWQ509"
->6</A
-> in <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with
- individual commands</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the changes you made in Step <A
-HREF="c27596.html#LIWQ522"
->10</A
-> and Step <A
-HREF="c27596.html#LIWQ523"
->11</A
-> are to
- a mount point that resides in a replicated volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command to release
- the volume, as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This step can be necessary even if the home directory's parent directory is not itself a mount point for a
- replicated volume (and is easier to overlook in that case). For example, the ABC Corporation template puts the mount
- points for user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. Because that is a regular
- directory rather than a mount point, it resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume mounted at the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> directory. That volume is replicated, so after changing it the
- administrator must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ524"
->Removing a User Account</A
-></H1
-><P
->Before removing an account, it is best to make a backup copy of the user's home volume on a permanent storage medium such
- as tape. If you need to remove several accounts, it is probably more efficient to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss
- delete</B
-></SPAN
-> command instead; see <A
-HREF="c24913.html#HDRWQ486"
->Deleting Individual Accounts with the uss delete
- Command</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_595"
->To remove a user account</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Authenticate as an AFS identity with all of the following privileges. In the conventional configuration, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> user account has them, or you possibly have a personal administrative account. (To
- increase cell security, it is best to create special privileged accounts for use only while performing administrative
- procedures; for further discussion, see <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
->.) If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> admin_user
- Password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-></P
-><P
->The following list specifies the necessary privileges and indicates how to check that you have them.</P
-><UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To
- display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the
- users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the Authentication Database entry. However, the
- Authentication Server performs its own authentication, so the following instructions direct you to specify an
- administrative identity on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command line itself.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->) permission on the ACL of the
- directory where you are removing the user volume's mount point. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If it is possible you need to restore the user's account someday, note
- the username and AFS UID, possibly in a file designated for that purpose. You can later restore the account with its
- original AFS UID.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Copy the contents of the user's volume to tape. You can use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ240"
->Dumping and Restoring
- Volumes</A
-> or the AFS Backup System as described in <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ525"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If you intend to remove groups that the user owns
- from the Protection Database after removing the user's entry, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
->
- command to display them. For complete instructions, see <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the
- Protection Database</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ526"
-></A
->(<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- delete</B
-></SPAN
-> command to remove the groups the user owns. However, if it is likely that other users have placed the
- groups on the ACLs of directories they own, it is best not to remove them. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->del</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS UID of each group displayed in the output from Step <A
-HREF="c27596.html#LIWQ525"
->4</A
->.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas delete</B
-></SPAN
-> command to remove the user's Authentication Database
- entry.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the Authentication Database entry to delete.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
->. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ527"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command to display the site of the
- user's home volume in preparation for removing it. By convention, user volumes are named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
->.username. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvl</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvldb</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the volume's name or volume ID number.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ528"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> command to remove the user's volume. It
- automatically removes the backup version of the volume, if it exists. It is not conventional to replicate user volumes, so
- the command usually also completely removes the volume's entry from the Volume Location Database (VLDB). If there are
- ReadOnly replicas of the volume, you must repeat the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> command to remove each
- one individually. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->remo</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->remove</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine that houses the volume, as specified in the output from Step <A
-HREF="c27596.html#LIWQ527"
->7</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition that houses the volume, as specified in the output from Step <A
-HREF="c27596.html#LIWQ527"
->7</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the volume's name or ID number.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LIWQ529"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command to remove the volume's mount
- point.</P
-><P
->If you mounted the user's backup volume as a subdirectory of the home directory, then this command is sufficient to
- unmount the backup version as well. If you mounted the backup version at an unrelated location in the filespace, repeat
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command for it.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rmm</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rmmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point for the volume's previous name (the former home directory). Partial pathnames are
- interpreted relative to the current working directory.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to delete
- a mount point from a read-only volume. By convention, you indicate the read/write path by placing a period before
- the cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For
- further discussion of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ530"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command to remove the user's Protection
- Database entry. A complete description of this command appears in Step <A
-HREF="c27596.html#LIWQ526"
->5</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If the deleted user home directory resided in a replicated volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command to release the volume, as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write
- volume (create a read-only volume)</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->This step can be necessary even if the home directory's parent directory is not itself a mount point for a
- replicated volume (and is easier to overlook in that case). For example, the ABC Corporation template puts the mount
- points for user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr</B
-></SPAN
-> directory. Because that is a regular
- directory rather than a mount point, it resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume mounted at the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> directory. That volume is replicated, so after changing it by deleting a
- mount point the administrator must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command.</P
-></BLOCKQUOTE
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c24913.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c29323.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Creating and Deleting User Accounts with the uss Command Suite</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Administering the Protection Database</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Administering the Protection Database</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"><LINK
-REL="PREVIOUS"
-TITLE="Administering User Accounts"
-HREF="c27596.html"><LINK
-REL="NEXT"
-TITLE="Managing Access Control Lists"
-HREF="c31274.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c27596.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c31274.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ531"
-></A
->Chapter 14. Administering the Protection Database</H1
-><P
->This chapter explains how to create and maintain user, machine, and group entries in the Protection Database.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ532"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN29329"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Display Protection Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Map user, machine or group name to AFS ID</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display entry's owner or creator</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display number of users or machines belonging to group</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display number of groups user or machine belongs to</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display group-creation quota</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display entry's privacy flags</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display members of group, or groups that user or machine belongs to</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display groups that user or group owns</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display all entries in Protection Database</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listentries</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create machine entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create group entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Add users and machines to groups</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove users and machines from groups</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Delete machine or group entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change a group's owner</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Change an entry's name</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set group creation quota</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set entry's privacy flags</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display AFS ID counters</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set AFS ID counters</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setmax</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ534"
->About the Protection Database</A
-></H1
-><P
->The Protection Database stores information about AFS users, client machines, and groups which the File Server process uses
- to determine whether clients are authorized to access AFS data.</P
-><P
->To obtain authenticated access to an AFS cell, a user must have an entry in the cell's Protection Database. The first time
- that a user requests access to the data stored on a file server machine, the File Server on that machine contacts the Protection
- Server to request the user's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->current protection subgroup</I
-></SPAN
-> (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->CPS</I
-></SPAN
->), which lists all the
- groups to which the user belongs. The File Server scans the access control list (ACL) of the directory that houses the data,
- looking for groups on the CPS. It grants access in accordance with the permissions that the ACL extends to those groups or to
- the user individually. (The File Server stores the CPS and uses it as long as the user has the same tokens. When a user's group
- membership changes, he or she must reauthenticate for the File Server to recognize the change.)</P
-><P
->Only administrators who belong to the cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can create user
- entries (the group is itself defined in the Protection Database, as discussed in <A
-HREF="c29323.html#HDRWQ535"
->The System
- Groups</A
->). Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can also create machine entries,
- which can then be used to control access based on the machine from which the access request originates. After creating a machine
- entry, add it to a Protection Database group and place the group on ACLs (a machine cannot appear on ACLs directly). A machine
- entry can represent a single machine or multiple machines with consecutive IP addresses as specified by a wildcard notation. For
- instructions, see <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
->. Because all replicas of a volume share the
- same ACL (the one on the volume's root directory mount point), machine entries enable you to replicate the volume that houses a
- program's binary file while still complying with a machine-based license agreement as required by the program's manufacturer.
- See <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
->.</P
-><P
->A group entry is a list of user entries, machine entries, or both (groups cannot belong to other groups). Putting a group
- on an ACL is a convenient way to extend or deny access to a set of users without listing them on the ACL individually.
- Similarly, adding users to a group automatically grants them access to all files and directories for which the associated ACL
- lists that group. Both administrators and regular users can create groups. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ535"
->The System Groups</A
-></H2
-><P
->In addition to the groups that users and administrators can create, AFS defines the following three system groups. The
- Protection Server creates them automatically when it builds the first version of a cell's Protection Database, and always
- assigns them the same AFS GIDs. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-></DT
-><DD
-><P
->Represents all users able to access the cell's filespace from the local and foreign cells, authenticated or not.
- Its AFS GID is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-101</B
-></SPAN
->. The group has no stable membership listed in the Protection
- Database. Accordingly, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command displays <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> in its <SAMP
-CLASS="computeroutput"
->membership</SAMP
-> field, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> command does not list any members for it.</P
-><P
->Placing this group on an ACL is a convenient way to extend access to all users. The File Server automatically
- places this group on the CPS of any user who requests access to data stored on a file server machine. (Every
- unauthenticated user is assigned the identity <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> and this group is the only
- entry on the CPS for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->.)</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-></DT
-><DD
-><P
->Represents all users who are able to access the cell's filespace from the local and foreign cells and who have
- successfully obtained an AFS token in the local cell (are authenticated). Its AFS GID is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-102</B
-></SPAN
->. Like the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group, it has no stable
- membership listed in the Protection Database. Accordingly, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command
- displays <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> in its <SAMP
-CLASS="computeroutput"
->membership</SAMP
-> field, and the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command does not list any members for it.</P
-><P
->Placing this group on an ACL is therefore a convenient way to extend access to all authenticated users. The File
- Server automatically places this group on the CPS of any authenticated user who requests access to data stored on a
- file server machine.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-></DT
-><DD
-><P
->Represents the small number of cell administrators authorized to issue privileged <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> commands and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands that set quota. The ACL on
- the root directory of every newly created volume grants all permissions to the group. Even if you remove that entry,
- the group implicitly retains the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->), and
- by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->), permission on every
- ACL. Its AFS GID is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-204</B
-></SPAN
->. For instructions on administering this group, see <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ536"
->Displaying Information from the Protection Database</A
-></H1
-><P
->This section describes the commands you can use to display Protection Database entries and associated information. In
- addition to name and AFS ID, the Protection Database stores the following information about each user, machine, or group entry.
- <UL
-><LI
-><P
->The entry's owner, which is the user or group of users who can administer the entry</P
-></LI
-><LI
-><P
->The entry's creator, which serves mostly as an audit trail</P
-></LI
-><LI
-><P
->A membership count, which indicates how many groups a user or machine belongs to, or how many members belong to a
- group</P
-></LI
-><LI
-><P
->A set of privacy flags, which control which users can administer or display information about the entry</P
-></LI
-><LI
-><P
->A group-creation quota, which defines how many groups a user can create</P
-></LI
-><LI
-><P
->A list of the groups to which a user or machine belongs, or of the users and machines that belong to a group</P
-></LI
-><LI
-><P
->A list of the groups that a user or group owns</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ537"
->To display a Protection Database entry</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, which enables you to
- display an entry regardless of the setting of its first (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
->) privacy flag. By default, any
- user can display a Protection Database entry. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
->
- command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the system:administrators
- group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display one or more Protection Database entries.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->e</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->check</B
-></SPAN
-> is an alias).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS ID of each entry to display. Precede any AFS GID with a hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) because it is a negative integer.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The output includes the following fields. Examples follow. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Name</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the entry's name. <UL
-><LI
-><P
->For a user, this is the name used when authenticating with AFS and the name that appears on ACL
- entries.</P
-></LI
-><LI
-><P
->For a machine, this is the IP address of a single machine, or a wildcard notation that represents a group
- of machines with consecutive IP addresses, as described in <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine
- Entries</A
->.</P
-></LI
-><LI
-><P
->For a group, this is the name that appears on ACL entries and in the list of groups output by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command. The names of <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->regular</I
-></SPAN
-> groups have
- two parts, separated by a colon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->). The part before the colon indicates the
- group's owner, and the part after is the unique name. A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->prefix-less</I
-></SPAN
-> group's name does not
- have the owner prefix; only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can
- create prefix-less groups. For further discussion of group names, see <A
-HREF="c29323.html#HDRWQ544"
->Creating
- Groups</A
->.</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->id</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the entry's unique AFS identification number. For user and machine entries, the AFS user ID (AFS UID)
- is a positive integer; for groups, the AFS group ID (AFS GID) is a negative integer. AFS UIDs and GIDs have the same
- function as their counterparts in the UNIX file system, but are used by the AFS servers and the Cache Manager
- only.</P
-><P
->Normally, the Protection Server assigns an AFS UID or GID automatically when you create Protection Database
- entries. Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can specify an ID if desired. For
- further discussion, see <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
-> and <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->owner</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Names the user or group who owns the entry and therefore can administer it (for more information about a group
- owning another group, see <A
-HREF="c29323.html#HDRWQ545"
->Using Groups Effectively</A
->). Other users possibly have
- administrative privileges, too, depending on the setting of the entry's privacy flags. For instructions on changing
- the owner, see <A
-HREF="c29323.html#HDRWQ554"
->Changing a Group's Owner</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->creator</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Names the user who created the entry, and serves as an audit trail. If the entry is deleted from the Protection
- Database, the creator's group creation quota increases by one, even if the creator no longer owns the entry; see <A
-HREF="c29323.html#HDRWQ558"
->Setting Group-Creation Quota</A
->.</P
-><P
->The value <SAMP
-CLASS="computeroutput"
->anonymous</SAMP
-> in this field generally indicates that the entry was
- created when the Protection Server was running in no-authentication mode, probably during initial configuration of the
- cell's first file server machine. For a description of no-authentication mode, see <A
-HREF="c3025.html#HDRWQ123"
->Managing
- Authentication and Authorization Requirements</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->membership</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the number of groups to which the user or machine belongs, or the number of users or machines that
- belong to the group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->flags</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies who can display or change information in a Protection Database entry. The five flags, each
- representing a different capability, always appear in the same order. <UL
-><LI
-><P
->For user entries, the default value is <SAMP
-CLASS="computeroutput"
->S----</SAMP
->, which indicates that anyone
- can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command on the entry, but only the user and members
- of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can perform any other action.</P
-></LI
-><LI
-><P
->For machine entries, the default value is <SAMP
-CLASS="computeroutput"
->S----</SAMP
->, which indicates that
- anyone can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command on the entry, but only members of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can perform any other action.</P
-></LI
-><LI
-><P
->For group entries, the default value is <SAMP
-CLASS="computeroutput"
->S-M--</SAMP
->, which indicates that
- anyone can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> commands on the entry, but only the group's owner and members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can perform any other action.</P
-></LI
-></UL
-></P
-><P
->For a complete description of possible values for the flags, see <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy
- Flags on Database Entries</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->group quota</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies how many more groups a user can create in the Protection Database. The value for a newly created user
- entry is 20, but members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command at any time to change the value; see <A
-HREF="c29323.html#HDRWQ558"
->Setting
- Group-Creation Quota</A
->.</P
-><P
->Group creation quota has no meaning for a machine or group entry: the Protection Server recognizes the issuer of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command only as an authenticated user or as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user, never as a machine or group. The default value for group entries is 0 (zero),
- and there is no reason to change it.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following examples show the output for a user called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, a machine with IP address
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.133</B
-></SPAN
-> and a group called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine pat</B
-></SPAN
->
- Name: pat, id: 1020, owner: system:administrators, creator: admin,
- membership: 12, flags: S----, group quota: 15.
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts ex 192.12.108.133</B
-></SPAN
->
- Name: 192.12.108.133, id: 5151, owner: system:administrators, creator: admin,
- membership: 1, flags: S----, group quota: 20.
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine terry:friends</B
-></SPAN
->
- Name: terry:friends, id: -567, owner: terry, creator: terry,
- membership: 12, flags: SOm--, group quota: 0.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ538"
->To display group membership</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, which enables you to
- display an entry's group membership information regardless of the setting of its third (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
->) privacy flag. By default the owner and the user can display group membership for a user entry,
- the owner for a machine entry, and anyone for a group entry. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the
- system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ539"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to display the list of
- groups to which a user or machine belongs, or the list of users and machines that belong to a group. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->membership</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS UID of each user or machine for which to list the groups it belongs to, or the name
- or AFS GID of each group for which to list the members.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->For user and machine entries, the output begins with the following string, and then each group appears on its own
- line:</P
-><PRE
-CLASS="programlisting"
-> Groups user_or_machine (id: AFS_UID) is a member of:
-</PRE
-><P
->For group entries, the output begins with the following string, and then each member appears on its own line:</P
-><PRE
-CLASS="programlisting"
-> Members of group (id: AFS_GID) are:
-</PRE
-><P
->For the system groups <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
->, the output includes the initial header string only, because these groups do not have a
- stable membership listed in their Protection Database entry. See <A
-HREF="c29323.html#HDRWQ535"
->The System Groups</A
->.</P
-><P
->The following examples show the output for a user called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> and a group called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts mem terry</B
-></SPAN
->
- Groups terry (id: 5347) is a member of:
- pat:friends
- sales
- acctg:general
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts mem terry:friends</B
-></SPAN
->
- Members of terry:friends (id: -567) are:
- pat
- smith
- johnson
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ540"
->To list the groups that a user or group owns</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, which enables you to
- display an entry's group ownership information regardless of the setting of its second (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->o</B
-></SPAN
->) privacy flag. By default the owner can list the groups owned by group, and a user the groups he
- or she owns. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in
- <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to list the groups owned by each user or group.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listo</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listowned</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS UID of each user, or the name or AFS GID or each group, for which to list the groups
- owned.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The output begins with the following string, and then each group appears on its own line:</P
-><PRE
-CLASS="programlisting"
-> Groups owned by user_or_group (id: AFS_ID) are:
-</PRE
-><P
->The following examples show the output for a user called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> and a group called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listo terry</B
-></SPAN
->
- Groups owned by terry (id: 5347) are:
- terry:friends
- terry:co-workers
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listo terry:friends</B
-></SPAN
->
- Groups owned by terry:friends (id: -567) are:
- terry:pals
- terry:buddies
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ541"
->To display all Protection Database entries</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listentries</B
-></SPAN
-> command to display all Protection Database entries.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listentries</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-users</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-groups</B
-></SPAN
->]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->liste</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listentries</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-users</B
-></SPAN
-></DT
-><DD
-><P
->Displays user and machine entries. The same output results if you omit both this flag and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-groups</B
-></SPAN
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-groups</B
-></SPAN
-></DT
-><DD
-><P
->Displays group entries.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The output is a table that includes the following columns. Examples follow. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Name</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the entry's name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->ID</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the entry's AFS identification number. For user and machine entries, the AFS user ID (AFS UID) is a
- positive integer; for groups, the AFS group ID (AFS GID) is a negative integer.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Owner</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the AFS ID of the user or group who owns the entry and therefore can administer it.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Creator</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the AFS UID of the user who created the entry.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The following example is from the ABC Corporation cell. The issuer provides no options, so the output includes user and
- machine entries.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listentries</B
-></SPAN
->
- Name ID Owner Creator
- anonymous 32766 -204 -204
- admin 1 -204 32766
- pat 1000 -204 1
- terry 1001 -204 1
- smith 1003 -204 1
- jones 1004 -204 1
- 192.12.105.33 2000 -204 1
- 192.12.105.46 2001 -204 1
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ542"
->Creating User and Machine Entries</A
-></H1
-><P
->An entry in the Protection Database is one of the two required components of every AFS user account, along with an entry
- in the Authentication Database. It is best to create a Protection Database user entry only in the context of creating a complete
- user account, by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command as
- described in <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
->, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command as described in <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->.</P
-><P
->You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command to create Protection Database machine
- entries, which can then be used to control access based on the machine from which the access request originates. After creating
- a machine entry, add it to a Protection Database group and place the group on ACLs ( a machine cannot appear on ACLs directly).
- Because all replicas of a volume share the same ACL (the one on the volume's root directory mount point), you can replicate the
- volume that houses a program's binary file while still complying with a machine-based license agreement as required by the
- program's manufacturer. If you do not place any other entries on the ACL, then only users working on the designated machines can
- access the file.</P
-><P
->Keep in mind that creating an ACL entry for a group with machine entries in it extends access to both authenticated and
- unauthenticated users working on the machine. However, you can deny access to unauthenticated users by omitting an entry for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group from the ACLs of the parent directories in the file's pathname.
- Conversely, if you want to enable unauthenticated users on the machine to access a file, then the ACL on every directory leading
- to it must include an entry for either the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group or a group to which the machine
- entry belongs. For more information on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group, see <A
-HREF="c29323.html#HDRWQ535"
->The System Groups</A
->.</P
-><P
->Because a machine entry can include unauthenticated users, it is best not to add both machine entries and user entries to
- the same group. In general, it is easier to use and administer nonmixed groups. A machine entry can represent a single machine,
- or multiple machines with consecutive IP addresses (that is, all machines on a network or subnet) specified by a wildcard
- notation. See the instructions in <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->.</P
-><P
->By default, the Protection Server assigns the next available AFS UID to a new user or machine entry. It is best to allow
- this, especially for machine entries. For user entries, it makes sense to assign an AFS UID only if the user already has a UNIX
- UID that the AFS UID needs to match (see <A
-HREF="c27596.html#HDRWQ496"
->Assigning AFS and UNIX UIDs that Match</A
->). When
- automatically allocating an AFS UID, the Protection Server increments the <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> counter
- by one and assigns the result to the new entry. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
-> command to display the
- counter, as described in <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->. </P
-><P
->Do not reuse the AFS UIDs of users who have left your cell permanently or machine entries you have removed, even though
- doing so seems to avoid the apparent waste of IDs. When you remove a user or machine entry from the Protection Database, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command displays the AFS UID associated with the former entry, rather than the name.
- If you then assign the AFS UID to a new user or machine, the new user or machine automatically inherits permissions that were
- granted to the previous possessor of the ID. To remove obsolete AFS UIDs from ACLs, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- cleanacl</B
-></SPAN
-> command described in <A
-HREF="c31274.html#HDRWQ579"
->Removing Obsolete AFS IDs from ACLs</A
->.</P
-><P
->In addition to the name and AFS UID, the Protection Server records the following values in the indicated fields of a new
- user or machine's entry. For more information and instructions on displaying an entry, see <A
-HREF="c29323.html#HDRWQ537"
->To display a
- Protection Database entry</A
->. <UL
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->owner</SAMP
-> field to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, indicating that the group's members administer the entry.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->creator</SAMP
-> field to the username of the user who issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command (or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss add</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss bulk</B
-></SPAN
-> command).</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->membership</SAMP
-> field to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero), because
- the new entry does not yet belong to any groups.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->flags</SAMP
-> field to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S----</B
-></SPAN
->; for explanation,
- see <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
->.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->group quota</SAMP
-> field to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->20</B
-></SPAN
->, meaning that
- the new user can create 20 groups. This field has no meaning for machine entries. For further discussion, see <A
-HREF="c29323.html#HDRWQ558"
->Setting Group-Creation Quota</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ543"
->To create machine entries in the Protection Database</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command to create one or more machine entries.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser -name</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cu</B
-></SPAN
-></DT
-><DD
-><P
->Is an alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->createuser</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->createu</B
-></SPAN
-> is
- the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies an IP address in dotted-decimal notation for each machine entry. An entry can represent a single
- machine or a set of several machines with consecutive IP addresses, using the wildcard notation described in the
- following list. The letters <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->W</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Y</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Z</B
-></SPAN
-> each represent an actual number value in the field:
- <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->W.X.Y.Z</B
-></SPAN
-> represents a single machine, for example <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.240</B
-></SPAN
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->W.X.Y.0</B
-></SPAN
-> matches all machines whose IP addresses start with the first
- three numbers. For example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.0</B
-></SPAN
-> matches both <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.119</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.120</B
-></SPAN
->, but does not match
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.105.144</B
-></SPAN
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->W.X.0.0</B
-></SPAN
-> matches all machines whose IP addresses start with the first
- two numbers. For example, the address <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.0.0</B
-></SPAN
-> matches both <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.106.23</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.120</B
-></SPAN
->, but does not match
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.5.30.95</B
-></SPAN
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->W.0.0.0</B
-></SPAN
-> matches all machines whose IP addresses start with the first
- number in the specified address. For example, the address <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.0.0.0</B
-></SPAN
-> matches
- both <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.5.30.95</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12.108.120</B
-></SPAN
->, but
- does not match <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->138.255.63.52</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-><P
->Do not define a machine entry with the name <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0.0.0.0</B
-></SPAN
-> to match every machine.
- The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group is equivalent.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The following example creates a machine entry that includes all of the machines in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->192.12</B
-></SPAN
-> network.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts cu 192.12.0.0</B
-></SPAN
->
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ544"
->Creating Groups</A
-></H1
-><P
->Before you can add members to a group, you must create the group entry itself. The instructions in this section explain
- how to create both regular and prefix-less groups: <UL
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->regular group</I
-></SPAN
->'s name is preceded by a prefix that indicates who owns the group, in the
- following format:</P
-><P
->owner_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->group_name</P
-><P
->Any user can create a regular group. Group names must always be typed in full, so a short group_name that indicates
- the group's purpose or its members' common interest is practical. Groups with names like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:1</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:2</B
-></SPAN
-> are less useful because their purpose is
- unclear. For more details on the required format for regular group names, see the instructions in <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->prefix-less group</I
-></SPAN
->, as its name suggests, has only one field in its name, equivalent to a
- regular group's group_name field.</P
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can create prefix-less groups. For
- a discussion of their purpose, see <A
-HREF="c29323.html#HDRWQ548"
->Using Prefix-Less Groups</A
->.</P
-></LI
-></UL
-></P
-><P
->By default, the Protection Server assigns the next available AFS GID to a new group entry, and it is best to allow this.
- When automatically allocating an AFS GID (which is a negative integer), the Protection Server decrements the <SAMP
-CLASS="computeroutput"
->max
- group id</SAMP
-> counter by one and assigns the result to the new group. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- listmax</B
-></SPAN
-> command to display the counter, as described in <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID
- and GID Counters</A
->.</P
-><P
->In addition to the name and AFS GID, the Protection Server records the following values in the indicated fields of a new
- group's entry. See <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->. <UL
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->owner</SAMP
-> field to the issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- creategroup</B
-></SPAN
-> command, or to the user or group specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
->
- argument.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->creator</SAMP
-> field to the username of the user who issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->membership</SAMP
-> field to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> (zero), because
- the group currently has no members.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->flags</SAMP
-> field to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S-M--</B
-></SPAN
->; for explanation,
- see <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
->.</P
-></LI
-><LI
-><P
->It sets the <SAMP
-CLASS="computeroutput"
->group quota</SAMP
-> field to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->, because this
- field has no meaning for group entries.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ545"
->Using Groups Effectively</A
-></H2
-><P
->The main reason to create groups is to place them on ACLs, which enables you to control access for multiple users
- without having to list them individually on the ACL. There are three basic ways to use groups, each suited to a different
- purpose: <UL
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Private use</I
-></SPAN
->: you create a group and place it on the ACL of directories you own, without
- necessarily informing the group's members that they belong to it. Members notice only that they can or cannot access the
- directory in a certain way. You retain sole administrative control over the group, since you are the owner.</P
-><P
->The existence of the group and the identity of its members is not necessarily secret. Other users can use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command and see the group's name on a directory's ACL, or use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to list the groups they themselves belong to. You can set the group's
- third privacy flag to limit who can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to list the group's
- membership, but a member of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always can; see <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Shared use</I
-></SPAN
->: you inform the group's members that they belong to the group, but you still
- remain the sole administrator. For example, the manager of a work group can create a group of all the members in the
- work group, and encourage them to use it on the ACLs of directories that house information they want to share with other
- members of the group.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If you place a group owned by someone else on your ACLs, the group's owner can change the group's membership
- without informing you. Someone new can gain or lose access in a way you did not intend and without your
- knowledge.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Group use</I
-></SPAN
->: you create a group and then use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
->
- command to assign ownership to a group, either another group or the group itself (the latter type is a self-owned
- group). You inform the members of the owning group that they all can administer the owned group.</P
-><P
->The main advantage of designating a group as an owner is that it spreads responsibility for administering a group
- among several people. A single person does not have to perform all administrative tasks, and if the original creator
- leaves the group, ownership does not have to be transferred.</P
-><P
->However, everyone in the owner group can make changes that affect others negatively, such as adding or removing
- people from the group inappropriately or changing the group's ownership to themselves exclusively. These problems can be
- particularly sensitive in a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->self-owned</I
-></SPAN
-> group. Using an owner group works best if all the members
- know and trust each other; it is probably wise to keep the number of people in an owner group small.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ546"
->To create groups</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->If creating a prefix-less group, verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the
- system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command to create each group. All of the groups have the
- same owner. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup -name</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->owner of the group</VAR
->>]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cg</B
-></SPAN
-></DT
-><DD
-><P
->Is an alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->creategroup</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->createg</B
-></SPAN
-> is
- the shortest acceptable abbreviation). </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Names each group to create. The name can include up to 63 lowercase letters or numbers, but it is best not to
- include punctuation characters, especially those that have a special meaning to the shell.</P
-><P
->A prefix-less group name cannot include the colon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->), because it is used to
- separate the two parts of a regular group name:</P
-><P
->owner_name<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->group_name</P
-><P
->The Protection Server requires that the owner_name prefix of a regular group name accurately indicate the
- group's owner. By default, you are recorded as the owner, and the owner_name must be your AFS username. You can
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-> argument to designate another AFS user, a regular group, or a
- prefix-less group as the owner, providing the required value in the owner_name field: <UL
-><LI
-><P
->If the owner is a user, it must be the AFS username.</P
-></LI
-><LI
-><P
->If the owner is another regular group, it must match the owning group's owner_name field. For example,
- if the owner is the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:associates</B
-></SPAN
->, the owner field must be <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->If the owner is a prefix-less group, it must be the owning group's name.</P
-></LI
-></UL
-></P
-><P
->(For a discussion of why it is useful for a group to own another group, see <A
-HREF="c29323.html#HDRWQ545"
->Using
- Groups Effectively</A
->.)</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-></DT
-><DD
-><P
->Is optional and designates an owner other than the issuer of the command. Specify either an AFS username or
- the name of a regular or prefix-less group that already has at least one member. Do not include this argument if you
- want to make the group self-owned as described in <A
-HREF="c29323.html#HDRWQ545"
->Using Groups Effectively</A
->. For
- instructions, see <A
-HREF="c29323.html#HDRWQ547"
->To create a self-owned group</A
->.</P
-><P
->Do not designate a machine as a group's owner. Because a machine cannot authenticate, there is no way for a
- machine to administer the group.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ547"
->To create a self-owned group</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command to create a group. Do not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-> argument, because you must own a group to reassign ownership. For complete instructions, see
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command to add one or more members to the group (a group must
- already have at least one member before owning another group). For complete instructions, see <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->>+
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command to assign group ownership to the group itself. For
- complete instructions, see <A
-HREF="c29323.html#HDRWQ555"
->To change a group's owner</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->> <<VAR
-CLASS="replaceable"
->new owner</VAR
->>
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ548"
->Using Prefix-Less Groups</A
-></H2
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can create prefix-less groups, which are
- particularly suitable for <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group use</I
-></SPAN
->, which is described in <A
-HREF="c29323.html#HDRWQ545"
->Using Groups
- Effectively</A
->.</P
-><P
->Suppose, for example, that the manager of the ABC Corporation's Accounting Department, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
->, creates a group that includes all of the corporation's accountants and places the group on the
- ACLs of directories that house departmental records. Using a prefix-less group rather than a regular group is appropriate for
- the following reasons: <UL
-><LI
-><P
->The fact that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> created and owns the group is irrelevant, and a regular group
- must be called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith:acctg</B
-></SPAN
->. A prefix-less name like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
-> is more appropriate.</P
-></LI
-><LI
-><P
->If another user (say <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
->) ever replaces <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
->
- as manager of the Accounting Department, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
-> needs to become the new owner of the
- group. If the group is a regular one, its owner_name prefix automatically changes to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
->, but the change in the owner_name prefix does not propagate to any regular groups owned by
- the group. Someone must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change each one's owner_name
- prefix from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-><P
->A possible solution is to create an authentication account for a fictional user called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
-> and make it the owner of regular groups which have <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
-> as
- their owner_name prefix. However, if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
-> account is also used for other purposes, then
- the number of people who need to know user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
->'s password is possibly larger than the
- number of people who need to administer the groups it owns.</P
-><P
->A prefix-less group called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
-> solves the problem of inappropriate owner names. The
- groups that it owns have <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg</B
-></SPAN
-> as their owner_name prefix, which more accurately reflects
- their purpose than having the manager's name there. Prefix-less groups are also more accountable than dummy authentication
- accounts. Belonging to the group enables individuals to exercise the permissions granted to the group on ACLs, but users
- continue to perform tasks under their own names rather than under the dummy username. Even if the group owns itself, only a
- finite number of people can administer the group entry.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ549"
->Adding and Removing Group Members</A
-></H1
-><P
->Users and machines can be members of groups; groups cannot belong to other groups. Newly created groups have no members at
- all. To add them, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command; to remove them, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ550"
->To add users and machines to groups</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, which enables you to add
- members to a group regardless of the setting of its fourth (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->) privacy flag. By default
- the group's owner also has the necessary privilege. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the
- system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command to add one or more members to one or more groups.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ad</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->adduser</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each username or machine IP address to add as a member of each group named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> argument. A group cannot belong to another group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group name</B
-></SPAN
-></DT
-><DD
-><P
->Names each group to which to add the new members.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ551"
->To remove users and machines from groups</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group, which enables you to
- remove members from a group regardless of the setting of its fifth (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->) privacy flag. By
- default the group's owner also has the necessary privilege. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the
- system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command to remove one or more members from one or more
- groups. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rem</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->removeuser</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each user or machine IP address to remove from each group named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-></DT
-><DD
-><P
->Names each group from which to remove members.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ552"
->Deleting Protection Database Entries</A
-></H1
-><P
->It is best to delete a Protection Database user entry only if you are removing the complete user account. Use either the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss delete</B
-></SPAN
-> command as described in <A
-HREF="c24913.html#HDRWQ486"
->Deleting Individual Accounts with
- the uss delete Command</A
->, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command as described in <A
-HREF="c27596.html#HDRWQ524"
->Removing a User Account</A
->.</P
-><P
->To remove machine and group entries, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command as described in this
- section. The operation has the following results: <UL
-><LI
-><P
->When you delete a machine entry, its name (IP address wildcard) is removed from groups.</P
-></LI
-><LI
-><P
->When you delete a group entry, its AFS GID appears on ACLs instead of the name. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group-creation
- quota</I
-></SPAN
-> of the user who created the group increases by one, even if the user no longer owns the group.</P
-><P
->To remove obsolete AFS IDs from ACLs, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> command as described in
- <A
-HREF="c31274.html#HDRWQ579"
->Removing Obsolete AFS IDs from ACLs</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ553"
->To delete Protection Database entries</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group or own the group you are
- deleting. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in
- <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command to delete one or more entries from the Protection
- Database. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->del</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the IP address or AFS UID of each machine or the name or AFS GID or each group to remove.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ554"
->Changing a Group's Owner</A
-></H1
-><P
->For user and machine entries, the Protection Server automatically assigns ownership to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group at creation time, and this cannot be changed. For group entries, you can
- change ownership. This transfers administrative responsibility for it to another user or group (for information on group
- ownership of other groups, see <A
-HREF="c29323.html#HDRWQ545"
->Using Groups Effectively</A
->).</P
-><P
->When you create a regular group, its owner_name prefix must accurately reflect its owner, as described in <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->: <UL
-><LI
-><P
->If the owner is a user, owner_name is the username.</P
-></LI
-><LI
-><P
->If the owner is a regular group, owner_name is the owning group's owner_name prefix.</P
-></LI
-><LI
-><P
->If the owner is a prefix-less group, owner_name is the owner group's name.</P
-></LI
-></UL
-></P
-><P
->When you change a regular group's owner, the Protection Server automatically changes its owner_name prefix appropriately.
- For example, if the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> becomes the new owner of the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
->, its name automatically changes to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:friends</B
-></SPAN
->, both in
- the Protection Database and on ACLs.</P
-><P
->However, the Protection Server does not automatically change the owner_name prefix of any regular groups that the group
- owns. To continue with the previous example, suppose that the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
-> owns the
- group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:pals</B
-></SPAN
->. When <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> becomes the new owner of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
->, the name <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:pals</B
-></SPAN
-> does not change. To change the
- owner_name prefix of a regular group that is owned by another group (in the example, to change the group's name to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:pals</B
-></SPAN
->), use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command as described in <A
-HREF="c29323.html#HDRWQ556"
->Changing a Protection Database Entry's Name</A
->. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ555"
->To change a group's owner</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group or own the group for
- which you are changing the owner. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which
- is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display the members of the system:administrators group</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If you are changing the group's owner to another group (or to itself)
- and want to retain administrative privilege on the owned group, verify that you belong to the new owner group. If
- necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>
-</PRE
-></P
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command to add yourself if necessary, as fully described in
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->> <<VAR
-CLASS="replaceable"
->group name</VAR
->>
-</PRE
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command to change the group's owner. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->> <<VAR
-CLASS="replaceable"
->new owner</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cho</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the current name of the group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new owner</B
-></SPAN
-></DT
-><DD
-><P
->Names the user or group to become the group's owner.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to
- display any groups that the group owns. As discussed in the introduction to this section, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- chown</B
-></SPAN
-> command does not automatically change the owner_name prefix of any regular groups that a group owns.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>
-</PRE
-></P
-><P
->If you want to change their names to match the new owning group, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
->
- command on each one, as described in <A
-HREF="c29323.html#HDRWQ557"
->To change the name of a machine or group
- entry</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old name</VAR
->> <<VAR
-CLASS="replaceable"
->new name</VAR
->>
-</PRE
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ556"
->Changing a Protection Database Entry's Name</A
-></H1
-><P
->To change the name of a Protection Database entry, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command. It is best
- to change a user entry's name only when renaming the entire user account, since so many components of the account
- (Authentication Database entry, volume name, home directory mount point, and so on) share the name. For instructions, see <A
-HREF="c27596.html#HDRWQ518"
->Changing Usernames</A
->. A machine entry's name maps to the actual IP address of one or more machine, so
- changing the entry's name is appropriate only if the IP addresses have changed.</P
-><P
->It is likely, then, that most often you need to change group names. The following types of name changes are possible:
- <UL
-><LI
-><P
->Changing a regular group's name to another regular group name. The most common reason for this type of change is
- that you have used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command to change the owner of the group. That operation
- does not change the owner_name prefix of a regular group owned by the group whose name has been changed. Therefore, you
- must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change it appropriately. For example, when user
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> becomes the owner of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
-> group, its
- name changes automatically to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:friends</B
-></SPAN
->, but the name of a group it owns, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:pals</B
-></SPAN
->, does not change. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to rename
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:pals</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:pals</B
-></SPAN
->. The Protection Server does not
- accept changes to the owner_name prefix that do not reflect the true ownership (changing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:pals</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith:pals</B
-></SPAN
-> is not possible).</P
-><P
->You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change the group_name portion of a
- regular group name, with or without changing the owner_name prefix.</P
-><P
->Both the group's owner and the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can
- change its name to another regular group name.</P
-></LI
-><LI
-><P
->Changing a regular group's name to a prefix-less name. If you change a group's name in this way, you must also use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change the name of any regular group that the group owns. Only
- members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can make this type of name change.</P
-></LI
-><LI
-><P
->Changing a prefix-less name to another prefix-less name. As with other name changes, the owner_name prefix of any
- regular groups that the prefix-less group owns does not change automatically. You must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- rename</B
-></SPAN
-> command on them to maintain consistency.</P
-><P
->Both the group's owner and the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can
- change its name to another prefix-less name.</P
-></LI
-><LI
-><P
->Changing a prefix-less name to a regular name. The owner_name prefix on the new name must accurately reflect the
- group's ownership. As with other name changes, the owner_name prefix of any regular groups that the prefix-less group owns
- does not change automatically. You must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command on them to maintain
- consistency.</P
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can make this type of name
- change.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ557"
->To change the name of a machine or group entry</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change the entry's name. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old name</VAR
->> <<VAR
-CLASS="replaceable"
->new name</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ren</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rename</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->old name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the entry's current name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the new name. If the new name is for a regular group, the owner_name prefix must correctly indicate
- the owner.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ558"
->Setting Group-Creation Quota</A
-></H1
-><P
->To prevent abuse of system resources, the Protection Server imposes a group-creation quota that limits how many more
- groups a user can create. When a new user entry is created, the quota is set to 20, but members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command to
- increase or decrease it at any time.</P
-><P
->It is pointless to change group-creation quota for machine or group entries. It is not possible to authenticate as a group
- or machine and then create groups.</P
-><P
->To display the group-creation quota, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display a user
- entry's <SAMP
-CLASS="computeroutput"
->group quota field</SAMP
->, as described in <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection
- Database entry</A
->. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_622"
->To set group-creation quota</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command to specify how many more groups each of one or more
- users can create. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields -nameorid</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+ \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-groupquota</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set limit on group creation</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setf</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setfields</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-nameorid</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS UID of each user for which to set group-creation quota.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-groupquota</B
-></SPAN
-></DT
-><DD
-><P
->Defines how many groups each user can create in addition to existing groups (in other words, groups that
- already exist do not count against the quota). The value you specify overwrites the current value, rather than
- incrementing it.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
-></H1
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can always display and administer Protection
- Database entries in any way, and regular users can display and administer their own entries and any group entries they own. The
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->privacy flags</I
-></SPAN
-> on a Protection Database entry determine who else can display certain information from the
- entry, and who can add and remove members in a group.</P
-><P
->To display the flags, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command as described in <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->. The flags appear in the output's
- <SAMP
-CLASS="computeroutput"
->flags</SAMP
-> field. To set the flags, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-access</B
-></SPAN
-> argument to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command.</P
-><P
->The five flags always appear, and always must be set, in the following order:</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display the entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->o</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to display the groups that a user
- or group owns.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to display the groups a user or
- machine belongs to, or which users or machines belong to a group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command to add a user or machine to a group.
- It is meaningful only for groups, but a value must always be set for it even on user and machine entries.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command to remove a user or machine from
- a group. It is meaningful only for groups, but a value must always be set for it even on user and machine entries.</P
-></DD
-></DL
-></DIV
-><P
->Each flag can take three possible types of values to enable a different set of users to issue the corresponding command:
- <UL
-><LI
-><P
->A hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) designates the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group and the entry's owner. For user entries, it designates the user in
- addition.</P
-></LI
-><LI
-><P
->The lowercase version of the letter applies meaningfully to groups only, and designates members of the group in
- addition to the individuals designated by the hyphen.</P
-></LI
-><LI
-><P
->The uppercase version of the letter designates everyone.</P
-></LI
-></UL
-></P
-><P
->For example, the flags <SAMP
-CLASS="computeroutput"
->SOmar</SAMP
-> on a group entry indicate that anyone can examine the
- group's entry and display the groups that it owns, and that only the group's members can display, add, or remove its
- members.</P
-><P
->The default privacy flags for user and machine entries are <SAMP
-CLASS="computeroutput"
->S----</SAMP
->, meaning that anyone can
- display the entry. The ability to perform any other functions is restricted to members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group and the entry's owner (as well as the user for a user entry).</P
-><P
->The default privacy flags for group entries are <SAMP
-CLASS="computeroutput"
->S-M--</SAMP
->, meaning that all users can display
- the entry and the members of the group, but only the entry owner and members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can perform other functions. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_624"
->To set a Protection Database entry's privacy flags</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command to set the privacy flags. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-access</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set privacy flags</VAR
->>
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setf</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setfields</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user or group name or id</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS UID of each user, the IP address or AFS UID of each machine, or the name or AFS GID
- of each group for which to set the privacy flags.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-access</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the set of privacy flags to associate with each entry. Provide a value for each of the five flags,
- observing the following constraints: <UL
-><LI
-><P
->Provide a value for all five flags, even though the fourth and fifth flags are not meaningful for user
- and machine entries.</P
-></LI
-><LI
-><P
->For self-owned groups, the hyphen is equivalent to a lowercase letter, because all the members of a
- self-owned group own it.</P
-></LI
-><LI
-><P
->Set the first flag to lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-> or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> only. For user and machine entries, the Protection Server interprets the lowercase
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-> as equivalent to the hyphen.</P
-></LI
-><LI
-><P
->Set the second flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->O</B
-></SPAN
-> only. For groups, the Protection Server interprets the hyphen as equivalent to
- lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->o</B
-></SPAN
-> (that is, members of a group can always list the groups that it
- owns).</P
-></LI
-><LI
-><P
->Set the third flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->), lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
->, or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
->. For user and machine entries, the
- lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> does not have a meaningful interpretation, because they have no
- members.</P
-></LI
-><LI
-><P
->Set the fourth flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->), lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->, or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
->. Although this flag does not have a
- meaningful interpretation for user and machine entries (because they have no members), it must be set,
- preferably to the hyphen.</P
-></LI
-><LI
-><P
->Set the fifth flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) or lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> only. Although this flag does not have a meaningful interpretation for user and
- machine entries (because they have no members), it must be set, preferably to the hyphen.</P
-></LI
-></UL
-></P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
-></H1
-><P
->When you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command to create a user or machine entry in the
- Protection Database, the Protection Server by default automatically allocates an AFS user ID (AFS UID) for it; similarly, it
- allocates an AFS group ID (AFS GID) for each group entry you create with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
->
- command. It tracks the next available AFS UID (which is a positive integer) and AFS GID (which is a negative integer) with the
- <SAMP
-CLASS="computeroutput"
->max user id</SAMP
-> and <SAMP
-CLASS="computeroutput"
->max group id</SAMP
-> counters, respectively.</P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument to either <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> creation command to assign a specific ID to a
- new user, machine, or group. It often makes sense to assign AFS UIDs explicitly when creating AFS accounts for users with
- existing UNIX accounts, as discussed in <A
-HREF="c24913.html#HDRWQ456"
->Assigning AFS and UNIX UIDs that Match</A
->. It is also
- useful if you want to establish ranges of IDs that correspond to departmental affiliations (for example, assigning AFS UIDs from
- 300 to 399 to members of one department, AFS UIDs from 400 to 499 to another department, and so on).</P
-><P
->To display the current value of the counters, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
-> command. When you next
- create a user or machine entry and do not specify its AFS UID, the Protection Server increments the <SAMP
-CLASS="computeroutput"
->max user
- id</SAMP
-> counter by one and assigns that number to the new entry. When you create a new group and do not specify its
- AFS GID, the Protection Server decrements the <SAMP
-CLASS="computeroutput"
->max group id</SAMP
-> counter by one (makes it more
- negative), and assigns that number to the new group.</P
-><P
->You can change the value of either counter, or both, in one of two ways:</P
-><UL
-><LI
-><P
->Directly, using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setmax</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->Indirectly, by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- createuser</B
-></SPAN
-> command to assign an AFS UID that is larger than the <SAMP
-CLASS="computeroutput"
->max user id</SAMP
->
- counter, or by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
->
- command to assign an AFS GID that is less (more negative) than the max group id counter. In either case, the Protection
- Server changes the counter to the value of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument. The Protection Server does not
- use the IDs between the previous value of the counter and the new one when allocating IDs automatically, unless you use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setmax</B
-></SPAN
-> command to move the counter back to its old value.</P
-><P
->If the value you specify with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument is less than the <SAMP
-CLASS="computeroutput"
->max
- user id</SAMP
-> counter or greater (less negative) than the <SAMP
-CLASS="computeroutput"
->max group id</SAMP
-> counter,
- then the counter does not change.</P
-></LI
-></UL
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ561"
->To display the AFS ID counters</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
-> command to display the counters. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listm</B
-></SPAN
-> is an acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listmax</B
-></SPAN
->.</P
-></LI
-></OL
-><P
->The following example illustrates the output's format. In this case, the next automatically assigned AFS UID is 5439 and
- AFS GID is -469.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
->
- Max user id is 5438 and max group id is -468.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_627"
->To set the AFS ID counters</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setmax</B
-></SPAN
-> command to set the <SAMP
-CLASS="computeroutput"
->max user
- id</SAMP
-> counter, the <SAMP
-CLASS="computeroutput"
->max group id</SAMP
-> counter, or both. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setmax</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group max</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user max</VAR
->>]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setm</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setmax</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-></DT
-><DD
-><P
->Specifies an integer one greater (less negative) than the AFS GID that the Protection Server is to assign to
- the next group entry. Because the value is a negative integer, precede it with a hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies an integer one less than the AFS UID that the Protection Server is to assign to the next user or
- machine entry.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c27596.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c31274.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Administering User Accounts</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing Access Control Lists</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing Access Control Lists</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"><LINK
-REL="PREVIOUS"
-TITLE="Administering the Protection Database"
-HREF="c29323.html"><LINK
-REL="NEXT"
-TITLE="Managing Administrative Privilege"
-HREF="c32432.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c29323.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c32432.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ562"
-></A
->Chapter 15. Managing Access Control Lists</H1
-><P
->To control access to a directory and all of the files in it, AFS associates an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control list</I
-></SPAN
->
- (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->ACL</I
-></SPAN
->) with it, rather than the mode bits that the UNIX file system (UFS) associates with individual files or
- directories. AFS ACLs provide more refined access control because there are seven access permissions rather than UFS's three, and
- there is room for approximately 20 user or group entries on an ACL, rather than just the three UFS entries (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->other</B
-></SPAN
->).</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ563"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN31285"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="57*"><COL
-WIDTH="43*"><TBODY
-><TR
-><TD
->Examine access control list</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Edit ACL's normal permissions section</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Edit ACL's negative permissions section</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag</TD
-></TR
-><TR
-><TD
->Replace an ACL</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag</TD
-></TR
-><TR
-><TD
->Copy an ACL</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove obsolete AFS UIDs</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ565"
->Protecting Data in AFS</A
-></H1
-><P
->This section describes the main differences between the AFS and UFS file protection systems, discusses the implications of
- directory-level protections, and describes the seven access permissions.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ566"
->Differences Between UFS and AFS Data Protection</A
-></H2
-><P
->The UFS mode bits data protection system and the AFS ACL system differ in the following ways: <UL
-><LI
-><P
->Protection at the file level (UFS) versus the directory level (AFS)</P
-><P
->UFS associates a set of nine mode bits with each file element, three (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rwx</B
-></SPAN
->) for
- each of the element's owner, owning group, and all other users. A similar set of mode bits on the file's directory
- applies to the file only in an oblique way.</P
-><P
->An AFS ACL instead protects all files in a directory in the same way. If a certain file is more sensitive than
- others, store it in a directory with a more restrictive ACL.</P
-><P
->Defining access at the directory level has important consequences: <UL
-><LI
-><P
->The permissions on a directory's ACL apply to all of the files in the directory. When you move a file to a
- different directory, you effectively change the access permissions that apply to it to those on its new
- directory's ACL. Changing a directory's ACL changes the protection on all the files in it.</P
-></LI
-><LI
-><P
->When you create a subdirectory, its initial ACL is created as a copy of its parent directory's ACL. You can
- then change the subdirectory's ACL independently. However, the parent directory's ACL continues to control access
- to the subdirectory in the following way: the parent directory's ACL must grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission to a user (or a group the user
- belongs to) in order for the user to access the subdirectory at all.</P
-><P
->In general, then, it is best to assign fairly liberal access permissions to high-level directories
- (including user home directories). In particular, it often makes sense to grant at least the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group on high-level directories. For further discussion, see <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->.</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->How the mode bits are interpreted</P
-><P
->Mode bits are the only file-protection system in UFS. AFS allows you to set the UNIX mode bits on a file in
- addition to the ACL on its directory, but it interprets them differently. See <A
-HREF="c31274.html#HDRWQ580"
->How AFS
- Interprets the UNIX Mode Bits</A
->.</P
-></LI
-><LI
-><P
->Three access permissions (UFS) versus seven (AFS)</P
-><P
->UFS defines three access permissions in the form of mode bits: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->x</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->execute</B
-></SPAN
->). AFS defines seven permissions, which makes access
- control more precise. For detailed descriptions, see <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->.
- <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->)</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->)</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->)</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lock</B
-></SPAN
->)</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->)</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->)</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->)</TD
-></TR
-></TBODY
-></TABLE
-></P
-></LI
-><LI
-><P
->Three defined users and groups (UFS) versus many (AFS)</P
-><P
->UFS controls access for one user and two groups by providing a set of mode bits for each: the user who owns the
- file or directory, a single defined group, and everyone who has an account on the system.</P
-><P
->AFS, in contrast, allows you to place many entries (individual users or groups) on an ACL, granting a different
- set of access permissions to each one. The number of possible entries is about 20, and depends on how much space each
- entry occupies in the memory allocated for the ACL itself.</P
-><P
->AFS defines two system groups, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
->, which represent all users and all authenticated users, respectively; for further
- discussion, see <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->. In addition, users can define their own groups in
- the Protection Database, consisting of individual users or machine IP addresses. Users who have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission on an ACL can create entries for the system groups as well as groups defined by
- themselves or other users. For information on defining groups, see <A
-HREF="c29323.html"
->Administering the Protection
- Database</A
->.</P
-><P
->When a user requests access to a file or directory, the File Server sums together all of the permissions that the
- relevant ACL extends to the user and to groups to which the user belongs. Placing group entries on ACLs therefore can
- control access for many more users than the ACL can accommodate as individual entries.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ567"
->The AFS ACL Permissions</A
-></H2
-><P
->Functionally, the seven standard ACL permissions fall into two groups: one that applies to the directory itself and one
- that applies to the files it contains.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ568"
->The Four Directory Permissions</A
-></H3
-><P
->The four permissions in this group are meaningful with respect to the directory itself. For example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) permission does not control addition of data to a file,
- but rather creation of a new file or subdirectory. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The l (lookup) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission functions as something of a gate keeper for access to the directory and its files, because a
- user must have it in order to exercise any other permissions. In particular, a user must have this permission to
- access anything in the directory's subdirectories, even if the ACL on a subdirectory grants extensive permissions.
- </P
-><P
->This permission enables a user to issue the following commands: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command to list the names of the files and subdirectories in the
- directory</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command to obtain complete status information for the
- directory element itself</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command to examine the directory's ACL</P
-></LI
-></UL
-></P
-><P
->This permission does not enable a user to read the contents of a file in the directory, to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command on a file in the directory, or to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> command with the filename as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-path</B
-></SPAN
-> argument. Those
- operations require the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission which
- is described in <A
-HREF="c31274.html#HDRWQ569"
->The Three File Permissions</A
->.</P
-><P
->Similarly, this permission does not enable a user to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> commands against a subdirectory of the directory. Those operations require the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission on the ACL of the subdirectory itself.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The i (insert) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to add new files to the directory, either by creating or copying, and to create
- new subdirectories. It does not extend into any subdirectories, which are protected by their own ACLs. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The d (delete) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to remove files and subdirectories from the directory or move them into other
- directories (assuming that the user has the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> permission on the ACL of the other
- directories). </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The a (administer) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to change the directory's ACL. Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group implicitly have this permission on every directory (that is, even
- if that group does not appear on the ACL). Similarly, the owner of a directory implicitly has this permission on its
- ACL and those of all directories below it that he or she owns. </P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ569"
->The Three File Permissions</A
-></H3
-><P
->The three permissions in this group are meaningful with respect to files in a directory, rather than the directory
- itself or its subdirectories. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The r (read) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to read the contents of files in the directory and to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command to stat the file elements. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The w (write) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to modify the contents of files in the directory and to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod</B
-></SPAN
-> command to change their UNIX mode bits. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The k (lock) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables the user to run programs that issue system calls to lock files in the directory.
- </P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_635"
->The Eight Auxiliary Permissions</A
-></H3
-><P
->AFS provides eight additional permissions that do not have a defined meaning, denoted by the uppercase letters
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->B</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->H</B
-></SPAN
->.</P
-><P
->You can write application programs that assign a meaning to one or more of the permissions, and then place them on
- ACLs to control file access by those programs. For example, you can modify a print program to recognize and interpret the
- permissions, and then place them on directories that house files that the program accesses. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> commands to display and set the auxiliary permissions on
- ACLs just like the standard seven.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_636"
->Shorthand Notation for Sets of Permissions</A
-></H3
-><P
->You can combine the seven permissions in any way in an ACL entry, but certain combinations are more useful than
- others. Four of the more common combinations have corresponding shorthand forms. When using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setacl</B
-></SPAN
-> command to define ACL entries, you can provide either one or more of the individual letters that represent
- the permissions, or one of the following shorthand forms: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-></DT
-><DD
-><P
->Represents all seven standard permissions (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
->). </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-></DT
-><DD
-><P
->Removes the entry from the ACL, leaving the user or group with no permissions. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
-></DT
-><DD
-><P
->Represents the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-></DT
-><DD
-><P
->Represents all permissions except <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->): <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwk</B
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ570"
->Using Normal and Negative Permissions</A
-></H2
-><P
->ACLs enable you both to grant and to deny access to a directory and the files in it. To grant access, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to create an ACL entry that associates a set of permissions with a user or group, as
- described in <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->. When you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command to display an ACL (as described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->), such entries appear underneath
- the following header, which uses the term <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->rights</I
-></SPAN
-> to refer to permissions:</P
-><PRE
-CLASS="programlisting"
-> Normal rights
-</PRE
-><P
->There are two ways to deny access: <OL
-TYPE="1"
-><LI
-><P
->The recommended method is simply to omit an entry for the user or group from the ACL, or to omit the appropriate
- permissions from the entry. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to remove or edit an existing
- entry, using the instructions in <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->. In most
- circumstances, this method is enough to prevent access of certain kinds or by certain users. You must take care,
- however, not to grant the undesired permissions to any groups to which such users belong.</P
-></LI
-><LI
-><P
->The more explicit method for denying access is to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to create an entry that associates <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->negative
- permissions</I
-></SPAN
-> with the user or group; for instructions, see <A
-HREF="c31274.html#HDRWQ575"
->To add, remove, or edit
- negative ACL permissions</A
->. The output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command lists negative
- entries underneath the following header: <PRE
-CLASS="programlisting"
-> Negative rights
-</PRE
-></P
-><P
->When determining what type of access to grant to a user, the File Server first compiles a set of permissions by
- examining all of the entries in the <SAMP
-CLASS="computeroutput"
->Normal rights</SAMP
-> section of the ACL. It then subtracts
- any permissions associated with the user (or with groups to which the user belongs) on the <SAMP
-CLASS="computeroutput"
->Negative
- rights</SAMP
-> section of the ACL. Therefore, negative permissions always cancel out normal permissions.</P
-><P
->Using negative permissions reverses the usual semantics of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command,
- introducing the potential for confusion. In particular, combining the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> shorthand
- and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag constitutes a double negative: by removing an entry from the
- <SAMP
-CLASS="computeroutput"
->Negative rights</SAMP
-> section of the ACL, you enable a user once again to obtain permissions
- via entries in the <SAMP
-CLASS="computeroutput"
->Normal rights</SAMP
-> section. Combining the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> shorthand with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag explicitly denies all
- permissions.</P
-><P
->Note also that it is pointless to create an entry in the <SAMP
-CLASS="computeroutput"
->Negative rights</SAMP
-> section
- if an entry in the <SAMP
-CLASS="computeroutput"
->Normal rights</SAMP
-> section grants the denied permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group. In this case, users can obtain the permissions simply by using the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to discard their tokens. When they do so, the File Server recognizes them
- as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user, who belongs to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group but does not match the entries on the <SAMP
-CLASS="computeroutput"
->Negative
- rights</SAMP
-> section of the ACL.</P
-></LI
-></OL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ571"
->Using Groups on ACLs</A
-></H2
-><P
->As previously mentioned, placing a group entry on an ACL enables you to control access for many users at once. You can
- grant a new user access to many files and directories simply by adding the user to a group that appears on the relevant ACLs.
- You can also create groups of machines, in which case any user logged on to the machine obtains the access that is granted to
- the group. On directories where they have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission on the ACL, users can define their
- own groups and can create ACL entries for any groups, not just groups that they create or own themselves. For instructions on
- creating groups of users or machines, and a discussion of the most effective ways to use different types of groups, see <A
-HREF="c29323.html"
->Administering the Protection Database</A
->. </P
-><P
->AFS also defines the following two system groups, which can be very useful on ACLs because they potentially represent a
- large group of people. For more information about these groups, see <A
-HREF="c29323.html#HDRWQ535"
->The System Groups</A
->.
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-></DT
-><DD
-><P
->Includes anyone who can access the cell's file tree, including users who have logged in as the local superuser
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->, have connected to a local machine from somewhere outside the cell, and AFS
- users who belong to a foreign cell. This group includes users who do not have tokens that are valid for the local AFS
- servers; the servers recognize them as the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->.</P
-><P
->Note that creating an ACL entry for this group is the only way to extend access to AFS users from foreign cells,
- unless you create local authentication accounts for them. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-></DT
-><DD
-><P
->Includes all users who have a valid AFS token obtained from the local cell's authentication service.</P
-></DD
-></DL
-></DIV
-></P
-><P
->It is particularly useful to grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->)
- permission to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on the ACL of most directories in the file system,
- especially at the upper levels. This permission enables users only to learn the names of files and subdirectories in a
- directory, but without it they cannot traverse their way through the directories in the path to a target file.</P
-><P
->A slightly more restrictive alternative is to grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group. If that is still not restrictive enough, you can grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> to specific users or groups, which cannot exceed about 20 in number on a given ACL.</P
-><P
->Another reason to grant certain permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group is to enable
- the correct operation of processes that provide services such as printing and mail delivery. For example, in addition to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission, a print process possibly needs the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission in order to access the contents of files, and a mail delivery process
- possibly requires the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) permission to deliver new
- pieces of mail.</P
-><P
->The ACL on the root directory of every newly created volume grants all permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. You can remove this entry if you wish, but members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->), and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->, permission on every
- directory's ACL. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission enables them to grant themselves other permissions
- explicitly when necessary. To learn about changing this default set of permissions, see <A
-HREF="c32432.html#HDRWQ586"
->Administering
- the system:administrators Group</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ572"
->Displaying ACLs</A
-></H1
-><P
->To display the ACL associated with a file, directory or symbolic link, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> command. The output for a symbolic link displays the ACL that applies to its target file or directory, rather
- than the ACL on the directory that houses the symbolic link.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for AFS/DFS Migration Toolkit users:</B
-></SPAN
-> If the machine on which you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit,
- you can use the command to display the ACL on DFS files and directories. To display a DFS directory's Initial Container and
- Initial Object ACL instead of the regular one, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flag. For instructions, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS/DFS
- Migration Toolkit Administration Guide and Reference</I
-></SPAN
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter
- ignores the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags if you include them when
- displaying an AFS ACL. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_640"
->To display an ACL</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->la</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lista</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more files or directories for which to display the ACL. For files, the output displays the ACL
- for its directory. If you omit this argument, the output is for the current working directory. Partial pathnames are
- interpreted relative to the current working directory. You can also use the following notation on its own or as part
- of a pathname: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></DT
-><DD
-><P
->(A single period). Specifies the current working directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->..</B
-></SPAN
-></DT
-><DD
-><P
->(Two periods). Specifies the current working directory's parent directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
-></DT
-><DD
-><P
->(The asterisk). Specifies each file and subdirectory in the current working directory. The ACL
- displayed for a file is always the same as for its directory, but the ACL for each subdirectory can
- differ.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The following error message indicates that you do not have the permissions needed to display an ACL. To specify a
- directory name as the dir/file path argument, you must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on the ACL. To specify a filename, you must also have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission on its directory's ACL.</P
-><PRE
-CLASS="programlisting"
-> fs: You don't have the required access permissions on 'dir/file path'
-</PRE
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group and the directory's owner (as reported by
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command) implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission on every directory's ACL, and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setacl</B
-></SPAN
-> command to grant themselves the required permissions; for instructions, see <A
-HREF="c31274.html#HDRWQ573"
->Setting
- ACL Entries</A
->.</P
-><P
->The output for each file or directory specified as dir/file path begins with the following header to identify it:</P
-><PRE
-CLASS="programlisting"
-> Access list for dir/file path is
-</PRE
-><P
->The <SAMP
-CLASS="computeroutput"
->Normal rights</SAMP
-> header appears on the next line, followed by lines that each pair a
- user or group name and a set of permissions. The permissions appear as the single letters defined in <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->, and always in the order <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
->. If there
- are any negative permissions, the <SAMP
-CLASS="computeroutput"
->Negative rights</SAMP
-> header appears next, followed by pairs of
- negative permissions.</P
-><P
->The following example displays the ACL on user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory in the ABC
- Corporation cell:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs la /afs/abc.com/usr/terry</B
-></SPAN
->
- Access list for /afs/abc.com/usr/terry is
- Normal permissions:
- system:authuser rl
- pat rlw
- terry rlidwka
- Negative permissions:
- terry:other-dept rl
- jones rl
-</PRE
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
-> are individual users, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> is a system group, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:other-dept</B
-></SPAN
-> is a group that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> owns. The list of
- normal permissions grants all permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->), and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions to
- the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group.</P
-><P
->The list of negative permissions denies the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->
- permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
-> and the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:other-dept</B
-></SPAN
->
- group. These entries effectively prevent them from accessing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory in any
- way, because they cancel out the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions
- extended to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group, which is the only entry on the <SAMP
-CLASS="computeroutput"
->Normal
- rights</SAMP
-> section of the ACL that possibly applies to them.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ573"
->Setting ACL Entries</A
-></H1
-><P
->To add, remove, or edit ACL entries, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command. By default, the command
- manipulates entries on the normal permissions section of the ACL. To manipulate entries on the negative permissions section,
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag.</P
-><P
->You must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission on an ACL to
- edit it. The owner of a directory (as reported by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
->) command and members of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have it on every ACL. By default, members of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group also implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for AFS/DFS Migration Toolkit users:</B
-></SPAN
-> If the machine on which you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit,
- you can use the command to set the ACL on DFS files and directories. To set a DFS directory's Initial Container and Initial
- Object ACL instead of the regular one, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flag. For instructions, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS/DFS
- Migration Toolkit Administration Guide and Reference</I
-></SPAN
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter
- ignores the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags if you include them when setting
- an AFS ACL. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission
- on each directory for which you are editing the ACL. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to edit entries in the normal permissions section of
- the ACL. To remove an entry, specify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> shorthand as the permissions. If an ACL
- entry already exists, the permissions you specify completely replace those in the existing entry. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->>+
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->seta</B
-></SPAN
->
- is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more directories to which to apply the ACL entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument. Partial pathnames are interpreted relative to the current working
- directory.</P
-><P
->Specify the read/write path to each directory, to avoid the failure that results when you attempt to change a
- read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further discussion of the
- concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount
- Point Traversal</A
->.</P
-><P
->You can also use the following notation on its own or as part of a pathname:</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></DT
-><DD
-><P
->(A single period). If used by itself, sets the ACL on the current working directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->..</B
-></SPAN
-></DT
-><DD
-><P
->(Two periods). If used by itself, sets the ACL on the current working directory's parent
- directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
-></DT
-><DD
-><P
->(The asterisk). Sets the ACL on each of the subdirectories in the current working directory. You must
- precede it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> switch, since it potentially designates multiple
- directories. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter generates the following error message
- for each file in the directory: <PRE
-CLASS="programlisting"
-> fs: 'filename': Not a directory
-</PRE
-></P
-></DD
-></DL
-></DIV
-><P
->If you specify only one directory or file name, you can omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> switches.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more ACL entries, each of which pairs a user or group name and a set of permissions. Separate
- the pairs, and the two parts of each pair, with one or more spaces.</P
-><P
->To define the permissions, provide either:</P
-><UL
-><LI
-><P
->One or more of the letters that represent the standard or auxiliary permissions (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ABCDEFGH</B
-></SPAN
->), in any order</P
-></LI
-><LI
-><P
->One of the four shorthand notations: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> (equals <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
->)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> (removes the entry)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
-> (equals <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rl</B
-></SPAN
->)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-> (equals <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwk</B
-></SPAN
->)</P
-></LI
-></UL
-></P
-></LI
-></UL
-><P
->For a more detailed description of the permissions and shorthand notations, see <A
-HREF="c31274.html#HDRWQ567"
->The
- AFS ACL Permissions</A
->.</P
-><P
->On a single command line, you can combine user and group entries. You can also use individual letters in some
- pairs and the shorthand notations in other pairs, but cannot combine letters and shorthand notation within a single
- pair.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->Either of the following examples grants user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->)
- permissions on the ACL of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->notes</B
-></SPAN
-> subdirectory in the issuer's home directory. They
- illustrate how it is possible to omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
->
- switches when you name only one directory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa ~/notes pat rl</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa ~/notes pat read</B
-></SPAN
->
-</PRE
-><P
->The following example edits the ACL for the current working directory. It removes the entry for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group, and adds two entries: one grants all permissions except <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) to the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:colleagues</B
-></SPAN
-> group and the other grants the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group. The command appears on two lines here only for legibility.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa -dir . -acl system:anyuser none terry:colleagues write \
- system:authuser rl</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ575"
->To add, remove, or edit negative ACL permissions</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission
- on each directory for which you are editing the ACL. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
->
- flag to edit entries in the negative permissions section of the ACL. To remove an entry, specify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> shorthand as the permissions. If an ACL entry already exists for a user or group, the
- permissions you specify completely replace those in the existing entry. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
->
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->seta</B
-></SPAN
->
- is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more directories to which to apply the negative ACL entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument. Specify the read/write path to each directory, to avoid the failure that
- results when you attempt to change a read-only volume. For a detailed description of acceptable values, see <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more ACL entries, each of which pairs a user or group name and a set of permissions. Separate
- the pairs, and the two parts of each pair, with one or more spaces. For a detailed description of acceptable values,
- see <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->. Keep in mind that the usual
- meaning of each permission is reversed.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-></DT
-><DD
-><P
->Places the entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument on the negative permissions
- section of the ACL for each directory named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> argument.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The following example denies user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->) permissions for
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->project</B
-></SPAN
-> subdirectory of the current working directory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa project pat wd -neg</B
-></SPAN
->
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ576"
->Completely Replacing an ACL</A
-></H1
-><P
->It is sometimes simplest to clear an ACL completely before defining new permissions on it, for instance if the mix of
- normal and negative permissions makes it difficult to understand how their interaction affects a user's access to the directory.
- To clear an ACL completely while you define new entries, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag on the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command. When you include this flag, you can create entries on either the normal
- permissions or the negative permissions section of the ACL, but not on both at once.</P
-><P
->Remember to create an entry that grants appropriate permissions to the directory's owner. The owner implicitly has the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission required to replace a deleted entry,
- but the effects of a missing ACL entry (particularly the lack of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
-> permission) can be
- so confusing that it becomes difficult for the owner to realize that the missing entry is causing the problems. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_645"
->To replace an ACL completely</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission
- on each directory for which you are editing the ACL. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag
- to clear the ACL completely before setting either normal or negative permissions. Because you need to grant the owner of
- the directory all permissions, it is better in most cases to set normal permissions at this point. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
->]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->seta</B
-></SPAN
->
- is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more directories to which to apply the negative ACL entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument. Specify the read/write path to each directory, to avoid the failure that
- results when you attempt to change a read-only volume. For a detailed description of acceptable values, see <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more ACL entries, each of which pairs a user or group name and a set of permissions. Separate
- the pairs, and the two parts of each pair, with one or more spaces. Remember to grant all permissions to the owner
- of the directory. For a detailed description of acceptable values, see <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or
- edit normal ACL permissions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-></DT
-><DD
-><P
->Removes all entries from each ACL before creating the entries indicated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-></DT
-><DD
-><P
->Places the entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument on the negative permissions
- section of each ACL.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ577"
->Copying ACLs Between Directories</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl</B
-></SPAN
-> command copies a source directory's ACL to one or more destination
- directories. It does not affect the source ACL at all, but changes each destination ACL as follows: <UL
-><LI
-><P
->If an entry on the source ACL does not exist on the destination ACL, the command copies it to the destination
- ACL.</P
-></LI
-><LI
-><P
->If an entry on the destination ACL does not also exist on the source ACL, the command does not remove it unless you
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag to overwrite the destination ACL completely.</P
-></LI
-><LI
-><P
->If an entry is on both ACLs, the command changes the permissions on the destination ACL entry to match the source
- ACL entry.</P
-></LI
-></UL
-></P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for AFS/DFS Migration Toolkit users:</B
-></SPAN
-> If the machine is configured to enable AFS
- users to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, then you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- copyacl</B
-></SPAN
-> command to copy ACLs between DFS files and directories also. The command includes <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags for altering a DFS directory's Initial Container and
- Initial Object ACLs as well as its regular ACL; see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS/DFS Migration Toolkit Administration Guide and
- Reference</I
-></SPAN
->. You cannot copy ACLs between AFS and DFS directories, because they use different ACL formats. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter ignores the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags if you include them when copying AFS ACLs. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_647"
->To copy an ACL between directories</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on
- the source ACL and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission on each
- destination ACL. To identify the source directory by naming a file in it, you must also have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission on the source ACL. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying
- ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ578"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl</B
-></SPAN
-> command to copy a source ACL to the ACL
- on one or more destination directories. (The command appears here on two lines only for legibility.) <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl -fromdir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->source directory</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-todir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->destination directory</VAR
->>+ \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
->]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->co</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->copyacl</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fromdir</B
-></SPAN
-></DT
-><DD
-><P
->Names the source directory from which to copy the ACL. Partial pathnames are interpreted relative to the
- current working directory. If this argument names a file, the ACL is copied from its directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-todir</B
-></SPAN
-></DT
-><DD
-><P
->Names each destination directory to which to copy the source ACL. Partial pathnames are interpreted relative
- to the current working directory. Filenames are not acceptable.</P
-><P
->Specify the read/write path to each directory, to avoid the failure that results when you attempt to change a
- read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further discussion of the
- concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount
- Point Traversal</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-></DT
-><DD
-><P
->Completely overwrites each destination directory's ACL with the source ACL.</P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The following example copies the ACL from the current working directory's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->notes</B
-></SPAN
->
- subdirectory to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->plans</B
-></SPAN
-> subdirectory. The issuer does not include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag, so the entry for user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> remains on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->plans</B
-></SPAN
-> directory's ACL although there is no corresponding entry on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->notes</B
-></SPAN
-> directory's ACL.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs la notes plans</B
-></SPAN
->
- Access list for notes is
- Normal permissions:
- terry rlidwka
- smith rl
- jones rl
- Access list for plans is
- Normal permissions:
- terry rlidwk
- pat rlidwk
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl notes plans</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs la notes plans</B
-></SPAN
->
- Access list for notes is
- Normal permissions:
- terry rlidwka
- smith rl
- jones rl
- Access list for plans is
- Normal permissions:
- terry rlidwka
- pat rlidwk
- smith rl
- jones rl
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ579"
->Removing Obsolete AFS IDs from ACLs</A
-></H1
-><P
->When you remove a user or group entry from the Protection Database, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command displays the user's AFS UID (or group's AFS GID) in ACL entries, rather than the name. In the following example, user
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> has an ACL entry for the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
-> (AFS GID
- -567) on her home directory in the ABC Corporation cell, and then removes the group from the Protection Database.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl /afs/abc.com/usr/terry</B
-></SPAN
->
- Access list for /afs/abc.com/usr/terry is
- Normal permissions:
- terry:friends rlik
- system:anyuser l
- terry rlidwka
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete terry:friends</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl /afs/abc.com/usr/terry</B
-></SPAN
->
- Access list for /afs/abc.com/usr/terry is
- Normal permissions:
- -567 rlik
- system:anyuser l
- terry rlidwka
-</PRE
-><P
->Leaving AFS IDs on ACLs serves no function, because the ID no longer corresponds to an active user or group. Furthermore,
- if the ID is ever assigned to a new user or group, then the new possessor of the ID gains access that the owner of the directory
- actually intended for the previous possessor. (Reusing AFS IDs is not recommended precisely for this reason.)</P
-><P
->To remove obsolete AFS UIDs from ACLs, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> command. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_649"
->To clean obsolete AFS IDs from an ACL</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission
- on each directory for which you are cleaning the ACL. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> command to remove entries for obsolete AFS IDs.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cl</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cleanacl</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names each directory for which to clean the ACL. If this argument names a file, its directory's ACL is
- cleaned. Omit this argument to clean the current working directory's ACL.</P
-><P
->Specify the read/write path to each directory, to avoid the failure that results when you attempt to change a
- read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at the
- pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further discussion of the
- concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount
- Point Traversal</A
->.</P
-><P
->You can also use the following notation on its own or as part of a pathname:</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></DT
-><DD
-><P
->(A single period). If used by itself, cleans the current working directory's ACL.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->..</B
-></SPAN
-></DT
-><DD
-><P
->(Two periods). If used by itself, cleans the ACL on the current working directory's parent
- directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
-></DT
-><DD
-><P
->(The asterisk). Cleans the ACL of each of the subdirectories in the current working directory. However,
- if you use the asterisk and there are obsolete AFS IDs on any directory's ACL, the following error message
- appears for every file in the directory: <PRE
-CLASS="programlisting"
-> fs: 'filename': Not a directory
-</PRE
-></P
-></DD
-></DL
-></DIV
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->If there are obsolete AFS IDs on a directory, the command interpreter displays its cleaned ACL under the following
- header.</P
-><PRE
-CLASS="programlisting"
-> Access list for directory is now
-</PRE
-><P
->If a directory's ACL has no obsolete AFS IDs on it, the following message appears for each.</P
-><PRE
-CLASS="programlisting"
-> Access list for directory is fine.
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
-></H1
-><P
->Although AFS uses ACLs to protect file data rather than the mode bits that UFS uses, it does not ignore the mode bits
- entirely. When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod</B
-></SPAN
-> command on an AFS file or directory, AFS changes the bits
- appropriately. To change a file's mode bits, you must have the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) permission on the ACL of the file's directory. To change a directory's mode bits, you must have
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on
- its ACL.</P
-><P
->AFS also uses the UNIX mode bits as follows:</P
-><UL
-><LI
-><P
->It uses the initial bit to determine the element's type. This is the bit that appears first in the output from the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command and shows the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) for a file or the
- letter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> for a directory.</P
-></LI
-><LI
-><P
->It does not use any of the mode bits on a directory.</P
-></LI
-><LI
-><P
->For a file, the first (owner) set of bits interacts with the ACL entries that apply to the file in the following way:
- <UL
-><LI
-><P
->If the first <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> mode bit is not set, no one (including the owner) can read the
- file, no matter what permissions they have on the ACL. If the bit is set, users also need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on
- the ACL of the file's directory to read the file.</P
-></LI
-><LI
-><P
->If the first <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> mode bit is not set, no one (including the owner) can modify the
- file. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> bit is set, users also need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on the ACL of the file's directory to modify the file.</P
-></LI
-><LI
-><P
->There is no ACL permission directly corresponding to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->x</B
-></SPAN
-> mode bit, but to
- execute a file stored in AFS, the user must also have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on the ACL of the file's directory.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c29323.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c32432.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Administering the Protection Database</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing Administrative Privilege</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing Administrative Privilege</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing Users and Groups"
-HREF="p24911.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing Access Control Lists"
-HREF="c31274.html"><LINK
-REL="NEXT"
-TITLE="Managing the NFS/AFS Translator"
-HREF="a33047.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c31274.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="a33047.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ581"
-></A
->Chapter 16. Managing Administrative Privilege</H1
-><P
->This chapter explains how to enable system administrators and operators to perform privileged AFS operations.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ582"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN32438"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="70*"><COL
-WIDTH="30*"><TBODY
-><TR
-><TD
->Display members of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Add user to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove user from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag in Authentication Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set or remove <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on Authentication Database entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display users in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Add user to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos adduser</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove user from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removeuser</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ584"
->An Overview of Administrative Privilege</A
-></H1
-><P
->A fully privileged AFS system administrator has the following characteristics: <UL
-><LI
-><P
->Membership in the cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. See <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->.</P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on his or her entry in the cell's Authentication Database. See <A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
->.</P
-></LI
-><LI
-><P
->Inclusion in the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> on the local disk of each AFS server
- machine in the cell. See <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->.</P
-></LI
-></UL
-></P
-><P
->This section describes the three privileges and explains why more than one privilege is necessary.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Never grant any administrative privilege to the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->, even when a server
- outage makes it impossible to mutually authenticate. If you grant such privilege, then any user who can access a machine in
- your cell can issue privileged commands. The alternative solution is to put the affected server machine into no-authentication
- mode and use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-noauth</B
-></SPAN
-> flag available on many commands to prevent mutual authentication
- attempts. For further discussion, see <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization
- Requirements</A
->.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ585"
->The Reason for Separate Privileges</A
-></H2
-><P
->Often, a cell's administrators require full administrative privileges to perform their jobs effectively. However,
- separating the three types of privilege makes it possible to grant only the minimum set of privileges that a given
- administrator needs to complete his or her work.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group privilege is perhaps the most basic, and most
- frequently used during normal operation (when all the servers are running normally). When the Protection Database is
- unavailable due to machine or server outage, it is not possible to issue commands that require this type of privilege.</P
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag privilege is separate because of the extreme sensitivity of the
- information in the Authentication Database, especially the server encryption key in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
->
- entry. When the Authentication Database is unavailable due to machine or server outage, it is not possible to issue commands
- that require this type of privilege.</P
-><P
->The ability to issue privileged <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command is
- recorded in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file on the local disk of each AFS server machine
- rather than in a database, so that in case of serious server or network problems administrators can still log onto server
- machines and use those commands while solving the problem.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ586"
->Administering the system:administrators Group</A
-></H1
-><P
->The first type of AFS administrative privilege is membership . Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group in the Protection Database have the following privileges: <UL
-><LI
-><P
->Permission to issue all <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> commands, which are used to administer the Protection
- Database. See <A
-HREF="c29323.html"
->Administering the Protection Database</A
->.</P
-></LI
-><LI
-><P
->Permission to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setquota</B
-></SPAN
->
- commands, which set the space quota on volumes as described in <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume
- Quota and Current Size</A
->.</P
-></LI
-><LI
-><P
->Implicit <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on the access control list (ACL) on every
- directory in the cell's AFS filespace. Members of the group can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command
- to grant themselves any other permissions they require, as described in <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL
- Entries</A
->.</P
-><P
->You can change the ACL permissions that the File Server on a given file server machine implicitly grants to the
- members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group for the data in volumes that it houses. When
- you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command to create and start the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process on the machine, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-implicit</B
-></SPAN
-> argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fileserver</B
-></SPAN
-> initialization command. For syntax details, see the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fileserver</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->. You can
- grant additional permissions, or remove the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission. However, the File Server always
- implicitly grants the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission to members of the group, even if you set the value of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-implicit</B
-></SPAN
-> argument to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ587"
->To display the members of the system:administrators group</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to display the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group's list of members. Any user can issue this command as long as the first
- privacy flag on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group's Protection Database entry is not
- changed from the default value of uppercase <SAMP
-CLASS="computeroutput"
->S</SAMP
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-> is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->membership</B
-></SPAN
->.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_657"
->To add users to the system:administrators group</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> group to add one or more users. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group system:administrators</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ad</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->adduser</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Names each user to add to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ588"
->To remove users from the system:administrators group</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command to remove one or more users. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->>+ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group system:administrators</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rem</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->removeuser</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Names each user to remove from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
-></H1
-><P
->Administrators who have the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on their Authentication Database entry can issue
- all <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> commands, which enable them to administer the Authentication Database. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ590"
->To check if the ADMIN flag is set</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LIWQ591"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to display an entry from the
- Authentication Database.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UFS) identity, which possibly does not correspond to an AFS-privileged administrator. Include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin_username</B
-></SPAN
-> argument (here abbreviated to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
->) to name a user identity that has the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its
- Authentication Database entry.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->e</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the entry to display.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account with the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication
- Database entry, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> account. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->If the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag is turned on, it appears on the first line, as in this
- example:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas e terry -admin admin</B
-></SPAN
->
- Administrator's (admin) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
- User data for terry (ADMIN)
- key version is 0, etc...
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_661"
->To set or remove the ADMIN flag</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command to turn on the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag in an Authentication Database entry.</P
-><P
->The Authentication Server performs its own authentication rather than accepting your existing AFS token. By default,
- it authenticates your local (UNIX) identity, which possibly does not correspond to an AFS-privileged administrator.
- Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> argument to name an identity that has the
- <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication Database entry. To verify that an entry has the flag,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c32432.html#HDRWQ590"
->To check if the
- ADMIN flag is set</A
->.</P
-><P
->The following command appears on two lines only for legibility.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->name of user</VAR
->> {<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ADMIN</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NOADMIN</B
-></SPAN
->} \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->admin principal to use for authentication</VAR
->>
- Administrator's (admin_user) password: <<VAR
-CLASS="replaceable"
->admin_password</VAR
->>
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sf</B
-></SPAN
-></DT
-><DD
-><P
->Is an alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setfields</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setf</B
-></SPAN
-> is the
- shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of user</B
-></SPAN
-></DT
-><DD
-><P
->Names the entry for which to set or remove the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ADMIN | NOADMIN</B
-></SPAN
-></DT
-><DD
-><P
->Sets or removes the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag, respectively.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-admin</B
-></SPAN
-></DT
-><DD
-><P
->Names an administrative account with the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on its Authentication
- Database entry, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->admin</B
-></SPAN
-> account. The password prompt echoes it as
- admin_user. Enter the appropriate password as admin_password.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ592"
->Administering the UserList File</A
-></H1
-><P
->Inclusion in the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> on the local disk of each AFS server machine
- enables an administrator to issue commands from the indicated suites. <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands enable the administrator to manage server processes and the server
- configuration files that define the cell's database server machines, server encryption keys, and privileged users. See
- <A
-HREF="c3025.html"
->Administering Server Machines</A
-> and <A
-HREF="c6449.html"
->Monitoring and Controlling
- Server Processes</A
->.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> commands enable the administrator to manage volumes and the Volume Location
- Database (VLDB). See <A
-HREF="c8420.html"
->Managing Volumes</A
->.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands enable the administrator to use the AFS Backup System to copy
- data to permanent storage. See <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-> and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-></LI
-></UL
-></P
-><P
->Although each AFS server machine maintains a separate copy of the file on its local disk, it is conventional to keep all
- copies the same. It can be confusing for an administrator to have the privilege on some machines but not others. </P
-><P
->If your cell runs the United States edition of AFS and uses the Update Server to distribute the contents of the system
- control machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory, then edit only the copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file stored on the system control machine. If you have forgotten which machine is the system
- control machine, see <A
-HREF="c3025.html#HDRWQ90"
->The Four Roles for File Server Machines</A
->.</P
-><P
->If your cell runs the international edition of AFS, or does not use a system control machine, then you must edit the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file on each server machine individually.</P
-><P
->To avoid making formatting errors that can result in performance problems, never edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file directly. Instead, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos adduser</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removeuser</B
-></SPAN
-> commands as described in this section. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ593"
->To display the users in the UserList file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command to display the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listu</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listusers</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names an AFS server machine. In the normal case, any machine is acceptable because the file is the same on
- all of them.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ594"
->To add users to the UserList file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If not, you must have a
- qualified administrator add you before you can add entries to it yourself. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in
- the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos adduser</B
-></SPAN
-> command to add one or more users to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos adduser</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->user names</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addu</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->adduser</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the system control machine if you use the Update Server to distribute the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory (possible only in cells running the United States edition of AFS).
- By default, it can take up to five minutes for the Update Server to distribute the changes, so newly added users
- must wait that long before attempting to issue privileged commands.</P
-><P
->If you are running the international edition of AFS, or do not use the Update Server, repeat the command,
- substituting the name of each AFS server machine for machine name in turn.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user names</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username of each administrator to add to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
->
- file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_665"
->To remove users from the UserList file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If not, you must have a
- qualified administrator add you before you can remove entries from it yourself. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in
- the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removeuser</B
-></SPAN
-> command to remove one or more users from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos removeuser</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->user names</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->removeu</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->removeuser</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the system control machine if you use the Update Server to distribute the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory (possible only in cells running the United States edition of AFS).
- By default, it can take up to five minutes for the Update Server to distribute the change, so newly removed users
- can continue to issue privileged commands during that time.</P
-><P
->If you are running the international edition of AFS, or do not use the Update Server, repeat the command,
- substituting the name of each AFS server machine for machine name in turn.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user names</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username of each administrator to add to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UserList</B
-></SPAN
->
- file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c31274.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="a33047.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing Access Control Lists</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p24911.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing the NFS/AFS Translator</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Monitoring and Controlling Server Processes</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"><LINK
-REL="PREVIOUS"
-TITLE="Administering Server Machines"
-HREF="c3025.html"><LINK
-REL="NEXT"
-TITLE="Managing Volumes"
-HREF="c8420.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c3025.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c8420.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ142"
-></A
->Chapter 4. Monitoring and Controlling Server Processes</H1
-><P
->One of your most important responsibilities as a system administrator is ensuring that the processes on file server machines
- are running correctly. The BOS Server, which runs on every file server machine, relieves you of much of the responsibility by
- constantly monitoring the other AFS server processes on its machine. It can automatically restart processes that have failed,
- ordering the restarts to take interdependencies into account.</P
-><P
->Because different file server machines run different combinations of processes, you must define which processes the BOS
- Server on each file server machine is to monitor (to learn how, see <A
-HREF="c6449.html#HDRWQ154"
->Controlling and Checking Process
- Status</A
->).</P
-><P
->It is sometimes necessary to take direct control of server process status before performing routine maintenance or
- correcting problems that the BOS Server cannot correct (such as problems with database replication or mutual authentication). At
- those times, you control process status through the BOS Server by issuing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ143"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN6465"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL><COL><TBODY
-><TR
-><TD
->Examine process status</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine information from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig file</B
-></SPAN
-> file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag</TD
-></TR
-><TR
-><TD
->Create a process instance</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Stop a process</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Start a stopped process</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Stop a process temporarily</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Start a temporarily stopped process</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Stop and immediately restart a process</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Stop and immediately restart all processes</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
-> flag</TD
-></TR
-><TR
-><TD
->Examine BOS Server's restart times</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getrestart</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set BOS Server's restart times</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setrestart</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine a log file</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Execute a command remotely</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos exec</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ145"
->Brief Descriptions of the AFS Server Processes</A
-></H1
-><P
->This section briefly describes the different server processes that can run on an AFS server machine. In cells with
- multiple server machines, not all processes necessarily run on all machines.</P
-><P
->An AFS server process is referred to in one of three ways, depending on the context: <UL
-><LI
-><P
->The output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command refers to a process by the name assigned
- when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command creates its entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file. The name can differ from machine to machine, but it is easiest to
- maintain the cell if you assign the same name on all machines. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> and the
- reference page for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command list the conventional names. Examples are
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bosserver</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vlserver</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->The process listing produced by the standard <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command generally matches the
- process's binary file. Examples of process binary files are <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/bosserver</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/kaserver</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/vlserver</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->In most contexts, including most references in the documentation, a process is referred to as (for example) the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Basic OverSeer (BOS) Server</B
-></SPAN
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Authentication Server</B
-></SPAN
->,
- or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Volume Location Server</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-><P
->The following sections specify each name for the process as well as some of the administrative tasks in which you use the
- process. For a more general description of the servers, see <A
-HREF="c130.html#HDRWQ17"
->AFS Server Processes and the Cache
- Manager</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bosserver</B
-></SPAN
-> process, which runs on every AFS server machine, is the Basic OverSeer
- (BOS) Server responsible for monitoring the other AFS server processes running on its machine. If a process fails, the BOS
- Server can restart it automatically, without human intervention. It takes interdependencies into account when restarting a
- process that has multiple component processes (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process described in <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->).</P
-><P
->Because the BOS Server does not monitor or restart itself, it does not appear in the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command. It appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output as
- <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/bosserver</SAMP
->.</P
-><P
->As a system administrator, you contact the BOS Server when you issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands to
- perform the following kinds of tasks. <UL
-><LI
-><P
->Defining the processes for the BOS Server to monitor by creating entries in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file as described in <A
-HREF="c6449.html#HDRWQ154"
->Controlling and Checking
- Process Status</A
-></P
-></LI
-><LI
-><P
->Stopping and starting processes on the file server machines according to subsequent instructions in this
- chapter</P
-></LI
-><LI
-><P
->Defining your cell's database server machines in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/CellServDB</B
-></SPAN
-> file
- as described in <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
-></P
-></LI
-><LI
-><P
->Defining AFS server encryption keys in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file as described
- in <A
-HREF="c20494.html"
->Managing Server Encryption Keys</A
->.</P
-></LI
-><LI
-><P
->Granting system administrator privileges with respect to BOS Server, Volume Server, and Backup Server operations,
- by adding a user to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file as described in <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
-></P
-></LI
-><LI
-><P
->Setting authorization checking requirements on a server machine as described in <A
-HREF="c3025.html#HDRWQ123"
->Managing
- Authentication and Authorization Requirements</A
-></P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ147"
->The buserver Process: the Backup Server</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver</B
-></SPAN
-> process, which runs on database server machines, is the Backup Server. It
- maintains information about Backup System configuration and operations in the Backup Database.</P
-><P
->The process appears as <SAMP
-CLASS="computeroutput"
->buserver</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
->
- command's output, if the conventional name is assigned. It appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output
- as <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/buserver</SAMP
->.</P
-><P
->As a system administrator, you contact the Backup Server when you issue any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->
- command that manipulates information in the Backup Database, including those that change Backup System configuration
- information, that dump data from volumes to permanent storage, or that restore data to AFS. See <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-> and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS
- Data</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process, which runs on every file server machine, combines three component
- processes: File Server, Volume Server and Salvager. The three components perform independent functions, but are controlled as
- a single process for the following reasons. <UL
-><LI
-><P
->They all operate on the same data, namely files and directories stored in AFS volumes. Combining them as a single
- process enables them to coordinate their actions, never attempting simultaneous operations on the same data that can
- possibly corrupt it.</P
-></LI
-><LI
-><P
->It enables the BOS Server to stop and restart the processes in the required order. When the File Server fails, the
- BOS Server stops the Volume Server and runs the Salvager to correct any corruption that resulted from the failure. (The
- Salvager runs only in this special circumstance or when you invoke it yourself by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- salvage</B
-></SPAN
-> command as instructed in <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->.) If only the Volume
- Server fails, the BOS Server can restart it without affecting the File Server or Salvager.</P
-></LI
-></UL
-></P
-><P
->The File Server component handles AFS data at the level of files and directories, manipulating file system elements as
- requested by application programs and the standard operating system commands. Its main duty is to deliver requested files to
- client machines and store them again on the server machine when the client is finished. It also maintains status and
- protection information about each file and directory. It runs continuously during normal operation.</P
-><P
->The Volume Server component handles AFS data at the level of complete volumes rather than files and directories. In
- response to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> commands, it creates, removes, moves, dumps and restores entire volumes,
- among other actions. It runs continuously during normal operation.</P
-><P
->The Salvager component runs only after the failure of one of the other two processes. It checks the file system for
- internal consistency and repairs any errors it finds.</P
-><P
->The process appears as <SAMP
-CLASS="computeroutput"
->fs</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command's
- output, if the conventional name is assigned. An auxiliary message reports the status of the File Server or Salvager
- component. See <A
-HREF="c6449.html#HDRWQ158"
->Displaying Process Status and Information from the BosConfig File</A
->.</P
-><P
->The component processes of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process appear individually in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output, as follows. There is no entry for the <SAMP
-CLASS="computeroutput"
->fs</SAMP
-> process
- itself. <UL
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->/usr/afs/bin/fileserver</SAMP
-></P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->/usr/afs/bin/volserver</SAMP
-></P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->/usr/afs/bin/salvager</SAMP
-></P
-></LI
-></UL
-></P
-><P
->The Cache Manager contacts the File Server component on your behalf whenever you access data or status information in an
- AFS file or directory or issue file manipulation commands such as the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cp</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> commands. You can contact the File Server directly by issuing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->
- commands that perform the following functions <UL
-><LI
-><P
->Administering the ACL of any directory in the file system as described in <A
-HREF="c31274.html"
->Managing Access
- Control Lists</A
-></P
-></LI
-><LI
-><P
->Installing new partitions for housing AFS volumes, in which case you must restart the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process for it to recognize the new partition; for instructions, see <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
-></P
-></LI
-><LI
-><P
->Creating and deleting volume mount points in the AFS filespace as described in <A
-HREF="c8420.html#HDRWQ208"
->Mounting
- Volumes</A
-></P
-></LI
-><LI
-><P
->Setting volume quota and displaying information about the space used and available in a volume or partition as
- described in <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
-></P
-></LI
-></UL
-></P
-><P
->You contact the Volume Server component when you issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> commands that manipulate
- volumes in any way--creating, removing, replicating, moving, renaming, converting to different formats, and salvaging. For
- instructions, see <A
-HREF="c8420.html"
->Managing Volumes</A
->.</P
-><P
->The Salvager normally runs automatically in case of a failure. You can also start it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- salvage</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ149"
->The kaserver Process: the Authentication Server</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
-> process, which runs on database server machines, is the Authentication
- Server responsible for several aspects of AFS security. It verifies AFS user identity by requiring a password. It maintains
- all AFS server encryption keys and user passwords in the Authentication Database. The Authentication Server's Ticket Granting
- Service (TGS) module creates the shared secrets that AFS client and server processes use when establishing secure
- connections.</P
-><P
->The process appears as <SAMP
-CLASS="computeroutput"
->kaserver</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
->
- command's output, if the conventional name is assigned. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ka</B
-></SPAN
-> string stands for
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Kerberos Authentication</I
-></SPAN
->, reflecting the fact that AFS's authentication protocols are based on Kerberos,
- which was originally developed at the Massachusetts Institute of Technology's Project Athena.</P
-><P
->It appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output as
- <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/kaserver</SAMP
->.</P
-><P
->As a system administrator, you contact the Authentication Server when you issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
->
- commands to perform the following kinds of tasks. <UL
-><LI
-><P
->Setting a user's password. Users normally change their own passwords, so you probably perform this task only
- creating a new user account as described in <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
-> and <A
-HREF="c27596.html#HDRWQ516"
->Changing AFS Passwords</A
->.</P
-></LI
-><LI
-><P
->Setting the AFS server encryption key in the Authentication Database, which the TGS uses to seal server tickets;
- see <A
-HREF="c20494.html"
->Managing Server Encryption Keys</A
->.</P
-></LI
-><LI
-><P
->Granting or revoking system administrator privileges with respect to the Authentication Server as described in
- <A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ150"
->The ptserver Process: the Protection Server</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ptserver</B
-></SPAN
-> process, which runs on database server machines, is the Protection Server.
- Its main responsibility is maintaining the Protection Database which contains user, machine, and group entries. The Protection
- Server allocates AFS IDs and maintains the mapping between them and names. The File Server consults the Protection Server when
- verifying that a user is authorized to perform a requested action.</P
-><P
->The process appears as <SAMP
-CLASS="computeroutput"
->ptserver</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
->
- command's output, if the conventional name is assigned. It appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output
- as <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/ptserver</SAMP
->.</P
-><P
->As a system administrator, you contact the Protection Server when you issue <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
->
- commands to perform the following kinds of tasks. <UL
-><LI
-><P
->Creating a new user, machine, or group entry in the Protection Database as described in <A
-HREF="c29323.html"
->Administering the Protection Database</A
-></P
-></LI
-><LI
-><P
->Adding or removing group members or otherwise manipulating Protection Database entries as described in <A
-HREF="c29323.html"
->Administering the Protection Database</A
-></P
-></LI
-><LI
-><P
->Granting or revoking system administrator privilege by changing the membership of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group as described in <A
-HREF="c32432.html#HDRWQ586"
->Administering the
- system:administrators Group</A
-></P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ151"
->The runntp Process</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->runntp</B
-></SPAN
-> process, which runs on every server machine, is a controller program for the
- Network Time Protocol Daemon (NTPD), which synchronizes the hardware clocks on server machines. You need to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->runntp</B
-></SPAN
-> process if you are not already running NTP or another time synchronization protocol on your
- server machines.</P
-><P
->The clocks on database server machines need to be synchronized because AFS's distributed database technology (Ubik)
- works properly only when the clocks agree within a narrow range of variation (see <A
-HREF="c3025.html#HDRWQ103"
->Configuring the
- Cell for Proper Ubik Operation</A
->). The clocks on file server machines need to be correct not only because the File Server
- sets modification time stamps on files, but because in the conventional configuration they serve as the time source for AFS
- client machines.</P
-><P
->The process appears as <SAMP
-CLASS="computeroutput"
->runntp</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
->
- command's output, if the conventional name is assigned. It appears in the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
->
- command as <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/runntp</SAMP
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output also
- includes an entry called <SAMP
-CLASS="computeroutput"
->ntpd</SAMP
->; its exact form depends on the arguments you provide to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->runntp</B
-></SPAN
-> command.</P
-><P
->As a system administrator, you do not contact the NTPD directly once you have installed it according to the instructions
- in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ152"
->The upserver and upclient Processes: the Update Server</A
-></H2
-><P
->The Update Server has two separate parts, each of which runs on a different type of server machine. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process is the server portion of the Update Server. Its function depends on which edition of
- AFS you use: <UL
-><LI
-><P
->With both the United States and international editions, it runs on the binary distribution machine of each system
- type you use as a server machine, distributing the contents of each one's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
->
- directory to the other server machines of that type. This guarantees that all machines have the same version of AFS
- binaries. (For a list of the binaries, see <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin
- Directory</A
->.)</P
-></LI
-><LI
-><P
->In you use the United States edition of AFS, it also runs on the cell's system control machine, distributing the
- contents of its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory to all the other server machines in order to
- synchronize the configuration files stored in that directory. (For a list of the configuration files, see <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->.)</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclient</B
-></SPAN
-> process is the client portion of the Update Server, and like the server
- portion its function depends on the AFS edition in use. <UL
-><LI
-><P
->It runs on every server machine that is not a binary distribution machine, referencing the binary distribution
- machine of its system type as the source for updates to the binaries in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory. The conventional process name to assign is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientbin</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->If you use the United States edition of AFS, another instance of the process runs on every server machine except
- the system control machine. It references the system control machine as the source for updates to the common
- configuration files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory. The conventional process name to
- assign is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-><P
->In output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command, the server portion appears as
- <SAMP
-CLASS="computeroutput"
->upserver</SAMP
-> and the client portions as <SAMP
-CLASS="computeroutput"
->upclientbin</SAMP
-> and
- <SAMP
-CLASS="computeroutput"
->upclientetc</SAMP
->, if the conventional names are assigned. In the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command, the server portion appears as <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/upserver</SAMP
-> and
- the client portions as /usr/afs/bin/upclient.</P
-><P
->You do not contact the Update Server directly once you have installed it. It operates automatically whenever you use
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands to change the files that it distributes.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ153"
->The vlserver Process: the Volume Location Server</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vlserver</B
-></SPAN
-> process, which runs on database server machines, is the Volume Location
- (VL) Server that automatically tracks which file server machines house each volume, making its location transparent to client
- applications.</P
-><P
->The process appears as <SAMP
-CLASS="computeroutput"
->vlserver</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
->
- command's output, if the conventional name is assigned. It appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ps</B
-></SPAN
-> command's output
- as <SAMP
-CLASS="computeroutput"
->/usr/afs/bin/vlserver</SAMP
->.</P
-><P
->As a system administrator, you contact the VL Server when you issue any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command
- that changes the status of a volume (it records the status changes in the VLDB).</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ154"
->Controlling and Checking Process Status</A
-></H1
-><P
->To define the AFS server processes that run on a server machine, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
->
- command to create entries for them in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file. The BOS Server
- monitors the processes listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file that are marked with the
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> status flag, and automatically attempts to restart them if they fail. After creating
- process entries, you use other commands from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> suite to stop and start processes or
- change the status flag as desired.</P
-><P
->Never edit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file directly rather than using <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands. Similarly, it is not a good practice to run server processes without listing them in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, or to stop them using process termination commands such as the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kill</B
-></SPAN
-> command.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_176"
->The Information in the BosConfig File</A
-></H2
-><P
->A process's entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file includes the following information:
- <UL
-><LI
-><P
->The process's name. The recommended conventional names are defined in both the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
-> and <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->. The name of a simple process
- usually matches the name of its binary file (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ptserver</B
-></SPAN
-> for the Protection
- Server).</P
-></LI
-><LI
-><P
->Its type, which is one of the following: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->simple</B
-></SPAN
-></DT
-><DD
-><P
->A process that runs independently of any other on the server machine. If several simple processes fail at
- the same time, the BOS Server can restart them in any order. All standard AFS processes except the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process are simple.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-></DT
-><DD
-><P
->A process type reserved for the server process for which the conventional name is also <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->. This process combines three components: the File Server, the Volume Server, and the
- Salvager.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-></DT
-><DD
-><P
->A process that runs at a defined time rather than continuously. There are no standard processes of this
- type.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Its status flag, which tells the BOS Server whether it performs the following two actions with respect to the
- process: <UL
-><LI
-><P
->Start the process during BOS Server initialization</P
-></LI
-><LI
-><P
->Restart the process if it (the process) fails</P
-></LI
-></UL
-></P
-><P
->The two possible values are <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> (which directs the BOS Server to perform these
- actions) and <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-> (which directs the BOS Server to ignore the process). The BOS
- Server itself never changes the setting of this flag, even if the process fails repeatedly. Also, this flag is for
- internal use only; it does not appear in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command's output.</P
-></LI
-><LI
-><P
->Its command parameters, which are the commands that the BOS Server runs to start the process. <UL
-><LI
-><P
->A simple processes has one: the complete pathname to its binary file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process has three: the complete pathnames to each of the three
- component processes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/fileserver</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/volserver</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/salvager</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->A cron process has two: the first the complete pathname to its binary file, the second the time at which the
- BOS Server runs it</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-><P
->In addition to process definitions, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file also records automatic restart
- times for processes that have new binaries, and for all server processes including the BOS Server. See <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ155"
->How the BOS Server Uses the Information in the BosConfig File</A
-></H2
-><P
->Whenever the BOS Server starts or restarts, it reads the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file to learn which
- processes it is to start and monitor. It transfers the information into kernel memory and does not read the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file again until it next restarts. This implies that the BOS Server's memory state can change
- independently of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. You can, for example, stop a process but leave its
- status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file as <SAMP
-CLASS="computeroutput"
->Run</SAMP
->, or start a process
- even though its status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file is
- <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
-></H2
-><P
->When you start or stop a database server process (Authentication Server, Backup Server, Protection Server, or Volume
- Location Server) for more than a short time, you must follow the instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
-> for installing or removing a database server machine. Here is a summary of the tasks you must perform to
- preserve correct AFS functioning. <UL
-><LI
-><P
->Start or stop all four database server processes on that machine. All AFS server processes and the Cache Manager
- processes expect all four database server processes to be running on each machine listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file. There is no way to indicate in the file that a machine is running only some of
- the database server processes.</P
-></LI
-><LI
-><P
->Add or remove the machine in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/CellServDB</B
-></SPAN
-> file on all server
- machines and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file on all client machines.</P
-></LI
-><LI
-><P
->Restart the database server processes on the other database server machines to force an election of a new Ubik
- coordinator for each one.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ157"
->About Starting and Stopping the Update Server</A
-></H2
-><P
->In the conventional cell configuration, one server machine of each system type acts as a binary distribution machine,
- running the server portion of the Update Server (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process) to distribute the contents
- of its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory. The other server machines of its system type run an instance
- of the Update Server client portion (by convention called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientbin</B
-></SPAN
->) that references the
- binary distribution machine.</P
-><P
->If you run the United States edition of AFS, it is conventional for the first server machine you install to act as the
- system control machine, running the server portion of the Update Server (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process) to
- distribute the contents of its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory. All other server machines run an
- instance of the Update Server client portion (by convention called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
->) that
- references the system control machine.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If you are using the international edition of AFS, do not use the Update Server to distribute the contents of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory (you do not run a system control machine). Ignore all references to
- the process in this chapter.</P
-></BLOCKQUOTE
-></DIV
-><P
->It is simplest not to move binary distribution or system control responsibilities to a different machine unless you
- completely decommission a machine that is currently serving in one of those roles. Running the Update Server usually imposes
- very little processing load. If you must move the functionality, perform the following related tasks. <UL
-><LI
-><P
->If you replace the system control machine, you must stop the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
-> process
- on every other server machine and define a new one that references the new system control machine.</P
-></LI
-><LI
-><P
->If you replace a binary distribution machine, you must stop the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientbin</B
-></SPAN
->
- process on every other server machine of its system type and define a new one that references the new binary
- distribution machine (unless you are no longer running any server machines of that system type).</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ158"
->Displaying Process Status and Information from the BosConfig File</A
-></H1
-><P
->To display the status of the AFS server processes on a server machine, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- status</B
-></SPAN
-> command. Adding the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag displays most of the information from each
- process's entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, including its type and command parameters. It also
- displays a warning message if the mode bits on files and subdirectories in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
->
- directory do not match the expected values.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->server process name</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stat</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->status</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine for which to display process status.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server process name</B
-></SPAN
-></DT
-><DD
-><P
->Names each process for which to display status, using the name assigned when its entry was defined with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command. Omit this argument to display the status of all server
- processes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-></DT
-><DD
-><P
->Displays, in addition to status, information from the process's entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file: its type, its status flag, its command parameters, the associated notifier
- program, and so on.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output includes an entry for each process and uses one of the following strings to indicate the process's status:
- <UL
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->currently running normally</SAMP
-> indicates that the process is running and its status
- flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file is <SAMP
-CLASS="computeroutput"
->Run</SAMP
->. For cron entries,
- this message indicates that the command is still scheduled to run, not necessarily that it is actually running when the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command was issued.</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->temporarily enabled</SAMP
-> indicates that the process is running but that its status
- flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file is <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
->. The most common
- reason is that a system administrator has used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> command to start the
- process.</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->temporarily disabled</SAMP
-> indicates that the process is not running even though its
- status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file is <SAMP
-CLASS="computeroutput"
->Run</SAMP
->. The most
- common reasons are either that a system administrator has used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-> command
- to stop the process or that the BOS Server ceased trying to restart the process after numerous failed attempts. In the
- latter case, a supplementary message appears: <SAMP
-CLASS="computeroutput"
->stopped for too many errors</SAMP
->.</P
-></LI
-><LI
-><P
->disabled indicates that the process is not running and that its status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file is <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
->. The BOS Server is not monitoring the
- process. Only a system administrator can set the flag this way; the BOS Server never does.</P
-></LI
-></UL
-></P
-><P
->The output for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process always includes a message marked
- <SAMP
-CLASS="computeroutput"
->Auxiliary status</SAMP
->, which can be one of the following: <UL
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->file server running</SAMP
-> indicates that the File Server and Volume Server components
- of the File Server process are running normally.</P
-></LI
-><LI
-><P
-><SAMP
-CLASS="computeroutput"
->salvaging file system</SAMP
-> indicates that the Salvager is running, which usually
- implies that the File Server and Volume Server are temporarily disabled. The BOS Server restarts them as soon as the
- Salvager is finished.</P
-></LI
-></UL
-></P
-><P
->The output for a cron process also includes an <SAMP
-CLASS="computeroutput"
->Auxiliary status</SAMP
-> message to report when
- the command is scheduled to run next; see the example that follows.</P
-><P
->The output for any process can include the supplementary message <SAMP
-CLASS="computeroutput"
->has core file</SAMP
-> to
- indicate that at some point the process failed and generated a core file in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs</B
-></SPAN
->
- directory. In most cases, the BOS Server is able to restart the process and it is running.</P
-><P
->The following example includes a user-defined cron entry called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backupusers</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status fs3.abc.com</B
-></SPAN
->
- Instance kaserver, currently running normally.
- Instance ptserver, currently running normally.
- Instance vlserver, has core file, currently running normally.
- Instance buserver, currently running normally.
- Instance fs, currently running normally.
- Auxiliary status is: file server running.
- Instance upserver, currently running normally.
- Instance runntp, currently running normally.
- Instance backupusers, currently running normally.
- Auxiliary status is: run next at Mon Jun 7 02:00:00 1999.
-</PRE
-><P
->If you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
->
- command, a process's entry in the output includes the following additional information from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file: <UL
-><LI
-><P
->The process's type (<SAMP
-CLASS="computeroutput"
->simple</SAMP
->, <SAMP
-CLASS="computeroutput"
->fs</SAMP
->, or
- <SAMP
-CLASS="computeroutput"
->cron</SAMP
->).</P
-></LI
-><LI
-><P
->The day and time the process last started or restarted.</P
-></LI
-><LI
-><P
->The number of <SAMP
-CLASS="computeroutput"
->proc starts</SAMP
->, which is how many times the BOS Server has started or
- restarted the process since it started itself.</P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->Last exit</SAMP
-> time when the process (or one of the component processes in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process) last terminated. This line does not appear if the process has not
- terminated since the BOS Server started.</P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->Last error exit</SAMP
-> time when the process (or one of the component processes in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process) last failed due to an error. A further explanation such as
- <SAMP
-CLASS="computeroutput"
->due to shutdown request</SAMP
-> sometimes appears. This line does not appear if the process has
- not failed since the BOS Server started.</P
-></LI
-><LI
-><P
->Each command that the BOS Server invokes to start the process, as specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmd</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->The pathname of the notifier program that the BOS Server invokes when the process terminates (if any), as
- specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-notifier</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
->
- command.</P
-></LI
-></UL
-></P
-><P
->In addition, if the BOS Server has found that the mode bits on certain files and directories under <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
-> deviate from what it expects, it prints the following warning message:</P
-><PRE
-CLASS="programlisting"
-> Bosserver process reports inappropriate access on server directories
-</PRE
-><P
->The expected protections for the directories and files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
-> directory are as
- follows. A question mark indicates that the BOS Server does not check the mode bit. See the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
-> for more information about setting the protections on these files and directories.</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN7243"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL><COL><TBODY
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwxr?xr-x</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/backup</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwx???---</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwxr?xr-x</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/db</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwx???---</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwxr?xr-x</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->-rw????---</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->-rw?????--</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwx???---</SAMP
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs</B
-></SPAN
-></TD
-><TD
-><SAMP
-CLASS="computeroutput"
->drwxr?xr-x</SAMP
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-><P
->The following illustrates the extended output for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process running on the machine
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs3.abc.com</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status fs3.abc.com fs -long</B
-></SPAN
->
- Instance fs, (type is fs), currently running normally.
- Auxiliary status is file server running
- Process last started at Mon May 3 8:29:19 1999 (3 proc starts)
- Last exit at Mon May 3 8:29:19 1999
- Last error exit at Mon May 3 8:29:19 1999, due to shutdown request
- Command 1 is '/usr/afs/bin/fileserver'
- Command 2 is '/usr/afs/bin/volserver'
- Command 3 is '/usr/afs/bin/salvager'
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ161"
->Creating and Removing Processes</A
-></H1
-><P
->To start a new AFS server process on a server machine, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command,
- which creates an entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file, sets the process's status flag to
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> both in the file and in the BOS Server's memory, and starts it running immediately. The
- binary file for the new process must already be installed, by convention in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
->
- directory (see <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->).</P
-><P
->To stop a process permanently, first issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-> command, which changes the
- process's status flag to <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-> in both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file and
- the BOS Server's memory; it is marked as <SAMP
-CLASS="computeroutput"
->disabled</SAMP
-> in the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command. If desired, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos delete</B
-></SPAN
-> command to remove
- the process's entry from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file; the process no longer appears in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command's output.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If you are starting or stopping a database server process in the manner described in this section, follow the complete
- instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> for creating or removing a database server machine. If you
- run one database server process on a given machine, you must run them all; for more information, see <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->. Similarly, if you are stopping the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process on the system control machine or a binary distribution machine, you must
- complete the additional tasks described in <A
-HREF="c6449.html#HDRWQ157"
->About Starting and Stopping the Update
- Server</A
->.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ162"
->To create and start a new process</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Verify that the process's binaries are installed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory on this machine. If necessary, login at the console or telnet to the machine
- and list the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory.</P
-><P
->If the binaries are not present, install them on the binary distribution machine of the appropriate system type, and
- wait for the Update Server to copy them to this machine. For instructions, see <A
-HREF="c3025.html#HDRWQ111"
->Installing New
- Binaries</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls /usr/afs/bin</B
-></SPAN
->
-</PRE
-></LI
-><LI
-><P
-><A
-NAME="LIWQ163"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command to create an entry in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file and start the process. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->server process name</VAR
->> \
- <<VAR
-CLASS="replaceable"
->server type</VAR
->> <<VAR
-CLASS="replaceable"
->command lines</VAR
->>+ [ <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-notifier</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->Notifier program</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine on which to create the process.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server process name</B
-></SPAN
-></DT
-><DD
-><P
->Names the process to create and start. For simple processes, the conventional value is the name of the
- process's binary file. It is best to use the same name on every server machine that runs the process. The
- following is a list of the conventional names for simple and fs-type processes (there are no standard cron
- processes). <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->buserver</B
-></SPAN
-> for the Backup Server</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> for the process that combines the File Server, Volume Server, and
- Salvager</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kaserver</B
-></SPAN
-> for the Authentication Server</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ptserver</B
-></SPAN
-> for the Protection Server</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->runntp</B
-></SPAN
-> for the controller process for the Network Time Protocol
- Daemon</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientbin</B
-></SPAN
-> for the client portion of the Update Server that
- references the binary distribution machine of this machine's system type</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclientetc</B
-></SPAN
-> for the client portion of the Update Server that
- references the system control machine</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vlserver</B
-></SPAN
-> for the Volume Location (VL) Server</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server type</B
-></SPAN
-></DT
-><DD
-><P
->Defines the process's type. Choose one of the following values: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-> for a cron process</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> for the process named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->simple</B
-></SPAN
-> for all other processes listed as acceptable values for the
- server process name argument</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command lines</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each command the BOS Server runs to start the process. Specify no more than six commands (which
- can include the command's options, in which case the entire string is surrounded by double quotes); any additional
- commands are ignored.</P
-><P
->For a simple process, provide the complete pathname of the process's binary file on the local disk (for
- example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/ptserver</B
-></SPAN
-> for the Protection Server). If including any of
- the initialization command's options, surround the entire command in double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"
- "</B
-></SPAN
->). The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upclient</B
-></SPAN
-> process has a required argument, and the commands for
- all other processes take optional arguments.</P
-><P
->For the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process, provide the complete pathname of the local disk binary
- file for each of the component processes: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fileserver</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volserver</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->salvager</B
-></SPAN
->, in that order. The standard
- binary directory is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
->. If including any of an initialization command's
- options, surround the entire command in double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->).</P
-><P
->For a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-> process, provide two parameters: <UL
-><LI
-><P
->The complete local disk pathname of either an executable file or a command from one of the AFS suites
- (complete with all of the necessary arguments). Surround this parameter with double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->) if it contains spaces.</P
-></LI
-><LI
-><P
->A specification of when the BOS Server executes the file or command indicated by the first parameter.
- There are three acceptable values: <UL
-><LI
-><P
->The string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->now</B
-></SPAN
->, which directs the BOS Server to execute the
- file or command immediately and only once. It is usually simpler to issue the command directly or
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos exec</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->A time of day. The BOS Server executes the file or command daily at the indicated time. Separate
- the hours and minutes with a colon (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->hh</I
-></SPAN
->:<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->MM</I
-></SPAN
->), and use either
- 24-hour format, or a value in the range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1:00</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->12:59</B
-></SPAN
-> with the addition of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->am</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pm</B
-></SPAN
->. For example, both <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->14:30</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"2:30 pm"</B
-></SPAN
-> indicate 2:30 in the afternoon. Surround this parameter with double
- quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->) if it contains a space.</P
-></LI
-><LI
-><P
->A day of the week and time of day, separated by a space and surrounded with double quotes
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->). The BOS Server executes the file or command weekly at the
- indicated day and time. For the day, provide either the whole name or the first three letters, all in
- lowercase letters (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sunday</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sun</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thursday</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thu</B
-></SPAN
->, and so on). For the
- time, use the same format as when specifying the time alone.</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-notifier</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of a program that the BOS Server runs when the process terminates. For more
- information on notifier programs, see the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command reference page in
- the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The following example defines and starts the Protection Server on the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->db2.abc.com</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create db2.abc.com ptserver simple /usr/afs/bin/ptserver</B
-></SPAN
->
-</PRE
-><P
->The following example defines and starts the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process on the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs6.abc.com</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create fs6.abc.com fs fs /usr/afs/bin/fileserver</B
-></SPAN
-> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin/volserver /usr/afs/bin/salvager</B
-></SPAN
->
-</PRE
-><P
->The following example defines and starts a cron process called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backupuser</B
-></SPAN
-> process on
- the machine <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs3.abc.com</B
-></SPAN
->, scheduling it to run each day at 3:00 a.m.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create fs3.abc.com backupuser cron "/usr/afs/bin/vos backupsys -prefix user -local" 3:00</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_184"
->To stop a process and remove it from the BosConfig file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIPROC-STOP"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-> command to change each process's
- status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file to <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-> and to stop
- it. You must issue this command even for cron processes that you wish to remove from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, even though they do not run continuously. For a detailed description of this
- command, see <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to
- <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-></A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->server process name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-wait</B
-></SPAN
->]
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIPROC-DEL"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos delete</B
-></SPAN
-> command to remove each process from
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->server process name</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which to remove processes from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server process name</B
-></SPAN
-></DT
-><DD
-><P
->Names each process entry to remove from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. Provide the
- same names as in Step <A
-HREF="c6449.html#LIPROC-STOP"
->2</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ164"
->Stopping and Starting Processes Permanently</A
-></H1
-><P
->To stop a process so that the BOS Server no longer attempts to monitor it, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- stop</B
-></SPAN
-> command. The process's status flag is set to <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-> in both the BOS Server's
- memory and in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. The process does not run again until you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-> command, which sets its status flag back to <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in both the
- BOS Server's memory and in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. (You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- startup</B
-></SPAN
-> command to start the process again without changing its status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file; see <A
-HREF="c6449.html#HDRWQ167"
->Stopping and Starting Processes Temporarily</A
->.)</P
-><P
->There is no entry for the BOS Server in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, so the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-> commands do not control it. To stop and
- immediately restart the BOS Server along with all other processes, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
-> flag to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command as described in <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately
- Restarting Processes</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If you are starting or stopping a database server process in the manner described in this section, follow the complete
- instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> for creating or removing a database server machine. If you
- run one database server process on a given machine, you must run them all; for more information, see <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->. Similarly, if you are stopping the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->upserver</B
-></SPAN
-> process on the system control machine or a binary distribution machine, you must
- complete the additional tasks described in <A
-HREF="c6449.html#HDRWQ157"
->About Starting and Stopping the Update
- Server</A
->.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ165"
->To stop a process by changing its status to NotRun</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are authenticated as a user listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-> command to stop each process and set its status flag to
- <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file and the BOS Server's
- memory. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos stop</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->server process name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-wait</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sto</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stop</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which to stop the process.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server process name</B
-></SPAN
-></DT
-><DD
-><P
->Names each process to stop, using the name assigned when its entry was defined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create</B
-></SPAN
-> command.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-wait</B
-></SPAN
-></DT
-><DD
-><P
->Delays the return of the command shell prompt until all specified processes have stopped. If you omit the
- flag, the prompt returns almost immediately, even if all processes are not yet stopped.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ166"
->To start processes by changing their status flags to Run</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIPROC-START"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-> command to change each process's
- status flag to <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file and the
- BOS Server's memory and to start it. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos start</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->server process name</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->start</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which to start running each process.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->server process name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each process to start on machine name. Use the name assigned to the process at creation.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ167"
->Stopping and Starting Processes Temporarily</A
-></H1
-><P
->It is sometimes necessary to halt a process temporarily (for example, to make slight configuration changes or to perform
- maintenance). The commands described in this section change a process's status in the BOS Server's memory only; the effect is
- immediate and lasts until you change the memory state again (or until the BOS Server restarts, at which time it starts the
- process according to its entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file).</P
-><P
->To stop a process temporarily by changing its status flag in BOS Server memory to <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
->,
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-> command. To restart a stopped process by changing its status flag in the
- BOS Server's memory to <SAMP
-CLASS="computeroutput"
->Run</SAMP
->, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> command. The
- process starts regardless of its status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. You can also use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> command to start all processes marked with status flag
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, as described in the following
- instructions.</P
-><P
->Because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> command starts a process without changing it status flag in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, it is useful for testing a server process without enabling it permanently. To
- stop and start processes by changing their status flags in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, see <A
-HREF="c6449.html#HDRWQ164"
->Stopping and Starting Processes Permanently</A
->; to stop and immediately restart a process, see <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Do not temporarily stop a database server process on all machines at once. Doing so makes the database completely
- unavailable.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ168"
->To stop processes temporarily</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ169"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-> command to stop each process by
- changing its status flag in the BOS Server's memory to <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos shutdown</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->instances</VAR
->>+] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-wait</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sh</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->shutdown</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which to stop processes temporarily.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->instances</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each process to stop temporarily. Use the name assigned to the process at creation.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-wait</B
-></SPAN
-></DT
-><DD
-><P
->Delays the return of the command shell prompt until all specified processes have actually stopped. If you
- omit the flag, the prompt returns almost immediately, even if all processes are not yet stopped.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_190"
->To start all stopped processes that have status flag Run in the BosConfig file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> command to start each process on a machine that has status
- flag <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file by changing its status
- flag in the BOS Server's memory from <SAMP
-CLASS="computeroutput"
->NotRun</SAMP
-> to <SAMP
-CLASS="computeroutput"
->Run</SAMP
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->startup</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which you wish to start all processes that have status flag
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_191"
->To start specific processes</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> command to start specific processes by changing their status
- flags in the BOS Server's memory to <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> without changing their status flags in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos startup</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->instances</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->startup</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the server machine on which to start processes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->instances</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each process to start. Use the name assigned to the process at creation.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ170"
->Stopping and Immediately Restarting Processes</A
-></H1
-><P
->Although by default the BOS Server checks each day for new installed binary files and restarts the associated processes,
- it is sometimes desirable to stop and restart processes immediately. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command
- provides this functionality, starting a completely new instance of each affected process: <UL
-><LI
-><P
->To stop and restart the BOS Server, which then restarts all processes marked with the
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, include the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
-> flag.</P
-></LI
-><LI
-><P
->To stop and restart all processes marked with the <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> status flag in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag. The BOS Server does not
- restart</P
-></LI
-><LI
-><P
->To stop and restart specific processes regardless of the setting of their status flags in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file, specify the name of each process to restart.</P
-></LI
-></UL
-></P
-><P
->Restarting processes causes a service outage. It is usually best to schedule restarts for periods of low usage. The BOS
- Server automatically restarts all processes once a week, to reduce the potential for the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->core leaks</I
-></SPAN
-> that
- can develop as any process runs for an extended time; see <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart
- Times</A
->.</P
-><P
-> </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_193"
->To stop and restart all processes including the BOS Server</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
->
- flag to stop and restart the BOS Server, which restarts every process marked with status flag
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restart</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which to restart all processes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
-></DT
-><DD
-><P
->Stops the BOS Server and all processes running on the machine. A new BOS Server instance starts; it then
- starts new instances of all processes marked with status flag <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_194"
->To stop and immediately restart all processes except the BOS Server</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag
- to stop and immediately restart every process marked with status flag <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file. The BOS Server does not restart. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restart</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine on which to stop and restart processes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-></DT
-><DD
-><P
->Stops and immediately restarts all processes marked with status flag <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_195"
->To stop and immediately restart specific processes</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command to stop and immediately restart one or more specified
- processes, regardless of their status flag setting in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->instances</VAR
->>+
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restart</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the server machine on which to restart the specified processes.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->instances</B
-></SPAN
-></DT
-><DD
-><P
->Specifies each process to stop and immediately restart. Use the name assigned to the process at
- creation.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ171"
->Setting the BOS Server's Restart Times</A
-></H1
-><P
->The BOS Server by default restarts once a week, and the new instance restarts all processes marked with status flag
- <SAMP
-CLASS="computeroutput"
->Run</SAMP
-> in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file (this is
- equivalent to issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos restart</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-bosserver</B
-></SPAN
-> flag). The default restart time is Sunday at 4:00 a.m. The weekly restart is designed to
- minimize core leaks, which can develop as a process continues to allocate virtual memory but does not free it again. When the
- memory is completely exhausted, the machine can no longer function correctly.</P
-><P
->The BOS Server also by default checks once a day for any newly installed binary files. If it finds that the modification
- time stamp on a process's binary file in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory is more recent than the
- time at which the process last started, it restarts the process so that a new instance starts using the new binary file. The
- default binary-checking time is 5:00 a.m.</P
-><P
->Because restarts can cause outages during which the file system is inaccessible, the default times for restarts are in the
- early morning when usage is likely to be lowest. Restarting a database server process on any database server machine usually
- makes the entire system unavailable to everyone for a brief time, whereas restarting other types of processes inconveniences
- only users interacting with that process on that machine. The longest outages typically result from restarting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process, because the File Server must reattach all volumes.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file on each file server machine records the two restart times. To display
- the current setting, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getrestart</B
-></SPAN
-> command. To reset a time, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setrestart</B
-></SPAN
-> command.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_197"
->To display the BOS Server restart times</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getrestart</B
-></SPAN
-> command to display the automatic restart times.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getrestart</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getrestart</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine for which to display the restart times.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ172"
->To set the general or binary restart time</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setrestart</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-general</B
-></SPAN
->
- flag to set the general restart time or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newbinary</B
-></SPAN
-> flag to set the binary restart
- time. The command accepts only one of the flags at a time. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setrestart</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> "<<VAR
-CLASS="replaceable"
->time to restart server</VAR
->>" [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-general</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newbinary</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setrestart</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->time to restart server</B
-></SPAN
-></DT
-><DD
-><P
->Sets when the BOS Server restarts itself (if combined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-general</B
-></SPAN
->
- flag) or any process with a new binary file (if combined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newbinary</B
-></SPAN
->
- flag). Provide one of the following types of values: <UL
-><LI
-><P
->The string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->never</B
-></SPAN
->, which directs the BOS Server never to perform the
- indicated type of restart.</P
-></LI
-><LI
-><P
->A time of day (the conventional type of value for the binary restart time). Separate the hours and
- minutes with a colon (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->hh</I
-></SPAN
->:<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->MM</I
-></SPAN
->), and use either 24-hour format, or a
- value in the range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1:00</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->12:59</B
-></SPAN
->
- with the addition of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->am</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pm</B
-></SPAN
->. For
- example, both <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->14:30</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"2:30 pm"</B
-></SPAN
-> indicate
- 2:30 in the afternoon. Surround this parameter with double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->) if
- it contains a space.</P
-></LI
-><LI
-><P
->A day of the week and time of day, separated by a space and surrounded with double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->" "</B
-></SPAN
->). This is the conventional type of value for the general restart. For the day,
- provide either the whole name or the first three letters, all in lowercase letters (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sunday</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sun</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thursday</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->thu</B
-></SPAN
->, and so on). For the time, use the
- same format as when specifying the time alone.</P
-></LI
-></UL
-></P
-><P
->If desired, precede a time or day and time definition with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->every</B
-></SPAN
->
- or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->at</B
-></SPAN
->. These words do not change the meaning, but possibly make the output of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getrestart</B
-></SPAN
-> command easier to understand.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If the specified time is within one hour of the current time, the BOS Server does not perform the restart
- until the next eligible time (the next day for a time or next week for a day and time).</P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-general</B
-></SPAN
-></DT
-><DD
-><P
->Sets the general restart time when the BOS Server restarts itself.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-newbinary</B
-></SPAN
-></DT
-><DD
-><P
->Sets the restart time for processes with new binary files.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ173"
->Displaying Server Process Log Files</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs</B
-></SPAN
-> directory on each file server machine contains log files that detail
- interesting events that occur during normal operation of some AFS server processes. The self-explanatory information in the log
- files can help you evaluate process failures and other problems. To display a log file remotely, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command. You can also establish a connection to the server machine and use a text editor or
- other file display program (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat</B
-></SPAN
-> command).</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Log files can grow unmanageably large if you do not periodically shutdown and restart the database server processes (for
- example, if you disable the general restart time). In this case it is a good policy periodically to issue the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm</B
-></SPAN
-> command to delete the current log file. The server process automatically creates a new one as
- needed.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_200"
->To examine a server process log file</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command to display a log file. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->log file to examine</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getl</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->getlog</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the server machine from which to display the log file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->log file to examine</B
-></SPAN
-></DT
-><DD
-><P
->Names the log file to be displayed. Provide one of the following file names to display the indicated log
- file from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs</B
-></SPAN
-> directory. <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->AuthLog</B
-></SPAN
-> for the Authentication Server log file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BackupLog</B
-></SPAN
-> for the Backup Server log file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosLog</B
-></SPAN
-> for the BOS Server log file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FileLog</B
-></SPAN
-> for the File Server log file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->SalvageLog</B
-></SPAN
-> for the Salvager log file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->VLLog</B
-></SPAN
-> for the Volume Location (VL) Server log file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->VolserLog</B
-></SPAN
-> for the Volume Server log file</P
-></LI
-></UL
-></P
-><P
->You can provide a full or relative pathname to display a file from another directory. Relative pathnames are
- interpreted relative to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs</B
-></SPAN
-> directory.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c3025.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c8420.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Administering Server Machines</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing Volumes</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Issues in Cell Configuration and Administration</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Concepts and Configuration Issues"
-HREF="p128.html"><LINK
-REL="PREVIOUS"
-TITLE="An Overview of AFS Administration"
-HREF="c130.html"><LINK
-REL="NEXT"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c130.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="p3023.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ29"
-></A
->Chapter 2. Issues in Cell Configuration and Administration</H1
-><P
->This chapter discusses many of the issues to consider when configuring and administering a cell, and directs you to detailed
- related information available elsewhere in this guide. It is assumed you are already familiar with the material in <A
-HREF="c130.html"
->An Overview of AFS Administration</A
->.</P
-><P
->It is best to read this chapter before installing your cell's first file server machine or performing any other
- administrative task.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ30"
->Differences between AFS and UNIX: A Summary</A
-></H1
-><P
->AFS behaves like a standard UNIX file system in most respects, while also making file sharing easy within and between
- cells. This section describes some differences between AFS and the UNIX file system, referring you to more detailed information
- as appropriate.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_35"
->Differences in File and Directory Protection</A
-></H2
-><P
->AFS augments the standard UNIX file protection mechanism in two ways: it associates an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control list
- (ACL)</I
-></SPAN
-> with each directory, and it enables users to define a large number of their own groups, which can be placed
- on ACLs.</P
-><P
->AFS uses ACLs to protect files and directories, rather than relying exclusively on the mode bits. This has several
- implications, which are discussed further in the indicated sections: <UL
-><LI
-><P
->AFS ACLs use seven access permissions rather than the three UNIX mode bits. See <A
-HREF="c31274.html#HDRWQ567"
->The AFS
- ACL Permissions</A
->.</P
-></LI
-><LI
-><P
->For directories, AFS ignores the UNIX mode bits. For files, AFS uses only the first set of mode bits (the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->owner</B
-></SPAN
-> bits) , and their meaning interacts with permissions on the directory's ACL. See
- <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
->.</P
-></LI
-><LI
-><P
->A directory's ACL protects all of the files in a directory in the same manner. To apply a more restrictive set of
- AFS permissions to certain file, place it in directory with a different ACL.</P
-></LI
-><LI
-><P
->Moving a file to a different directory changes its protection. See <A
-HREF="c31274.html#HDRWQ566"
->Differences Between
- UFS and AFS Data Protection</A
->.</P
-></LI
-><LI
-><P
->An ACL can include about 20 entries granting different combinations of permissions to different users or groups,
- rather than only the three UNIX entities represented by the three sets of mode bits. See <A
-HREF="c31274.html#HDRWQ566"
->Differences Between UFS and AFS Data Protection</A
->.</P
-></LI
-><LI
-><P
->You can designate an AFS file as write-only as in the UNIX file system, by setting only the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) mode bit. You cannot designate an AFS directory as
- write-only, because AFS ignores the mode bits on a directory. See <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX
- Mode Bits</A
->.</P
-></LI
-></UL
-></P
-><P
->AFS enables users to define the groups of other users. Placing these groups on ACLs extends the same permissions to a
- number of exactly specified users at the same time, which is much more convenient than placing the individuals on the ACLs
- directly. See <A
-HREF="c29323.html"
->Administering the Protection Database</A
->.</P
-><P
->There are also system-defined groups, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
->, whose presence on an ACL extends access to a wide range of users at once. See <A
-HREF="c29323.html#HDRWQ535"
->The System Groups</A
-> and <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ31"
->Differences in Authentication</A
-></H2
-><P
->Just as the AFS filespace is distinct from each machine's local file system, AFS authentication is separate from local
- login. This has two practical implications, which are discussed further in <A
-HREF="c667.html#HDRWQ65"
->Using an AFS-modified login
- Utility</A
->. <UL
-><LI
-><P
->To access AFS files, users must both log into the local machine's UNIX file system and authenticate with the AFS
- authentication service. (Logging into the local UNIX file system is necessary because the AFS filespace is accessed
- through the Cache Manager, which resides in the local machine's kernel.)</P
-><P
->AFS provides a modified login utility for each system type that accomplishes both local login and AFS
- authentication in one step, based on a single password. If you choose not to use the AFS-modified login utility, your
- users must login and authenticate in separate steps, as detailed in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS User Guide</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->Passwords are stored in two separate places: the Authentication Database for AFS and each machine's local password
- file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) for the UNIX file system. A user's passwords in the
- two places can differ if desired, though the resulting behavior depends on whether and how the cell is using an
- AFS-modified login utility.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
-></H2
-><P
->This section summarizes how AFS modifies the functionality of some UNIX commands. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The chmod command</B
-></SPAN
-></DT
-><DD
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can use this command to turn on
- the setuid, setgid or sticky mode bits on AFS files. For more information, see <A
-HREF="c21473.html#HDRWQ409"
->Determining if
- a Client Can Run Setuid Programs</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The chown command</B
-></SPAN
-></DT
-><DD
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue this command on AFS
- files.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The chgrp command</B
-></SPAN
-></DT
-><DD
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> can issue this command on AFS files
- and directories.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The ftpd daemon</B
-></SPAN
-></DT
-><DD
-><P
->The AFS-modified version of this daemon attempts to authenticate remote issuers of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ftp</B
-></SPAN
-> command with the local AFS authentication service. See <A
-HREF="c667.html#HDRWQ78"
->Using UNIX
- Remote Services in the AFS Environment</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The groups command</B
-></SPAN
-></DT
-><DD
-><P
->If the user's AFS tokens are associated with a process authentication group (PAG), the output of this command
- sometimes includes two large numbers. To learn about PAGs, see <A
-HREF="c667.html#HDRWQ64"
->Identifying AFS Tokens by
- PAG</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The inetd daemon</B
-></SPAN
-></DT
-><DD
-><P
->The AFS-modified version of this daemon authenticates remote issuers of the AFS-modified <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rsh</B
-></SPAN
-> commands with the local AFS authentication
- service. See <A
-HREF="c667.html#HDRWQ78"
->Using UNIX Remote Services in the AFS Environment</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The login utility</B
-></SPAN
-></DT
-><DD
-><P
->AFS-modified login utilities both log the issuer into the local file system and authenticate the user with the
- AFS authentication service. See <A
-HREF="c667.html#HDRWQ65"
->Using an AFS-modified login Utility</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The ln command</B
-></SPAN
-></DT
-><DD
-><P
->This command cannot create hard links between files in different AFS directories. See <A
-HREF="c667.html#HDRWQ32"
->Creating Hard Links</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The rcp command</B
-></SPAN
-></DT
-><DD
-><P
->The AFS-modified version of this command enables the issuer to access files on the remote machine as an
- authenticated AFS user. See <A
-HREF="c667.html#HDRWQ78"
->Using UNIX Remote Services in the AFS Environment</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The rlogind daemon</B
-></SPAN
-></DT
-><DD
-><P
->The AFS-modified version of this daemon authenticates remote issuers of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlogin</B
-></SPAN
-> command with the local AFS authentication service. See <A
-HREF="c667.html#HDRWQ78"
->Using
- UNIX Remote Services in the AFS Environment</A
->.</P
-><P
->The AFS distribution for some system types possibly does not include a modified <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlogind</B
-></SPAN
-> program. See the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release Notes</I
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The remsh or rsh command</B
-></SPAN
-></DT
-><DD
-><P
->The AFS-modified version of this command enables the issuer to execute commands on the remote machine as an
- authenticated AFS user. See <A
-HREF="c667.html#HDRWQ78"
->Using UNIX Remote Services in the AFS Environment</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_38"
->The AFS version of the fsck Command</A
-></H2
-><P
->Never run the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsck</B
-></SPAN
-> command on an AFS file server machine. It does not
- understand how the File Server organizes volume data on disk, and so moves all AFS data into the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lost+found</B
-></SPAN
-> directory on the partition.</P
-><P
->Instead, use the version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsck</B
-></SPAN
-> program that is included in the AFS distribution.
- The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> explains how to replace the vendor-supplied <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsck</B
-></SPAN
-> program with the AFS version as you install each server machine.</P
-><P
->The AFS version functions like the standard <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsck</B
-></SPAN
-> program on data stored on both UFS and
- AFS partitions. The appearance of a banner like the following as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsck</B
-></SPAN
-> program initializes
- confirms that you are running the correct one:</P
-><PRE
-CLASS="programlisting"
-> --- AFS (R) version fsck---
-</PRE
-><P
->where <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->version</I
-></SPAN
-> is the AFS version. For correct results, it must match the AFS version of the server
- binaries in use on the machine.</P
-><P
->If you ever accidentally run the standard version of the program, contact AFS Product Support immediately. It is
- sometimes possible to recover volume data from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lost+found</B
-></SPAN
-> directory.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ32"
->Creating Hard Links</A
-></H2
-><P
->AFS does not allow hard links (created with the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln</B
-></SPAN
-> command) between files that
- reside in different directories, because in that case it is unclear which of the directory's ACLs to associate with the
- link.</P
-><P
->AFS also does not allow hard links to directories, in order to keep the file system organized as a tree.</P
-><P
->It is possible to create symbolic links (with the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln -s</B
-></SPAN
-> command) between elements
- in two different AFS directories, or even between an element in AFS and one in a machine's local UNIX file system. Do not
- create a symbolic link to a file whose name begins with either a number sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->#</B
-></SPAN
->) or a percent
- sign (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->%</B
-></SPAN
->), however. The Cache Manager interprets such links as a mount point to a regular or
- read/write volume, respectively.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ33"
->AFS Implements Save on Close</A
-></H2
-><P
->When an application issues the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> system call on a file, the Cache Manager
- performs a synchronous write of the data to the File Server that maintains the central copy of the file. It does not return
- control to the application until the File Server has acknowledged receipt of the data. For the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
-> system call, control does not return to the application until the File Server indicates that it
- has written the data to non-volatile storage on the file server machine.</P
-><P
->When an application issues the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-> system call, the Cache Manager writes
- modifications to the local AFS client cache only. If the local machine crashes or an application program exits without issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> system call, it is possible that the modifications are not recorded in the central
- copy of the file maintained by the File Server. The Cache Manager does sometimes write this type of modified data from the
- cache to the File Server without receiving the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
-> system call, for example if it needs to free cache chunks for new data. However, it is not
- generally possible to predict when the Cache Manager transfers modified data to the File Server in this way.</P
-><P
->The implication is that if an application's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Save</B
-></SPAN
-> option invokes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-> system call rather than <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fsync</B
-></SPAN
->, the changes are not necessarily stored permanently on the File Server machine. Most application
- programs issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->close</B
-></SPAN
-> system call for save operations, as well as when they finish
- handling a file and when they exit.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_41"
->Setuid Programs</A
-></H2
-><P
->Set the UNIX setuid bit only for the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->; this does not present an
- automatic security risk: the local superuser has no special privilege in AFS, but only in the local machine's UNIX file system
- and kernel.</P
-><P
->Any file can be marked with the setuid bit, but only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> system call or the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/chown</B
-></SPAN
-> command.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setcell</B
-></SPAN
-> command determines whether setuid programs that originate in a foreign
- cell can run on a given client machine. See <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid
- Programs</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ34"
->Choosing a Cell Name</A
-></H1
-><P
->This section explains how to choose a cell name and explains why choosing an appropriate cell name is important.</P
-><P
->Your cell name must distinguish your cell from all others in the AFS global namespace. By conventions, the cell name is
- the second element in any AFS pathname; therefore, a unique cell name guarantees that every AFS pathname uniquely identifies a
- file, even if cells use the same directory names at lower levels in their local AFS filespace. For example, both the ABC
- Corporation cell and the State University cell can have a home directory for the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->,
- because the pathnames are distinct: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr/pat</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/stateu.edu/usr/pat</B
-></SPAN
->.</P
-><P
->By convention, cell names follow the ARPA Internet Domain System conventions for site names. If you are already an
- Internet site, then it is simplest to choose your Internet domain name as the cellname.</P
-><P
->If you are not an Internet site, it is best to choose a unique Internet-style name, particularly if you plan to connect to
- the Internet in the future. AFS Product Support is available for help in selecting an appropriate name. There are a few
- constraints on AFS cell names: <UL
-><LI
-><P
->It can contain as many as 64 characters, but shorter names are better because the cell name frequently is part of
- machine and file names. If your cell name is long, you can reduce pathname length by creating a symbolic link to the
- complete cell name, at the second level in your file tree. See <A
-HREF="c667.html#HDRWQ42"
->The Second (Cellname)
- Level</A
->.</P
-></LI
-><LI
-><P
->To guarantee it is suitable for different operating system types, the cell name can contain only lowercase
- characters, numbers, underscores, dashes, and periods. Do not include command shell metacharacters.</P
-></LI
-><LI
-><P
->It can include any number of fields, which are conventionally separated by periods (see the examples below).</P
-></LI
-><LI
-><P
->It must end in a suffix that indicates the type of institution it is, or the country in which it is situated. The
- following are some of the standard suffixes: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.com</B
-></SPAN
-></DT
-><DD
-><P
->For businesses and other commercial organizations. Example: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> for the
- ABC Corporation cell.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.edu</B
-></SPAN
-></DT
-><DD
-><P
->For educational institutions such as universities. Example: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
-> for
- the State University cell.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.gov</B
-></SPAN
-></DT
-><DD
-><P
->For United States government institutions.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.mil</B
-></SPAN
-></DT
-><DD
-><P
->For United States military installations.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></UL
-></P
-><P
->Other suffixes are available if none of these are appropriate. You can learn about suffixes by calling the Defense Data
- Network [Internet] Network Information Center in the United States at (800) 235-3155. The NIC can also provide you with the
- forms necessary for registering your cell name as an Internet domain name. Registering your name prevents another Internet site
- from adopting the name later.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_43"
->How to Set the Cell Name</A
-></H2
-><P
->The cell name is recorded in two files on the local disk of each file server and client machine. Among other functions,
- these files define the machine's cell membership and so affect how programs and processes run on the machine; see <A
-HREF="c667.html#HDRWQ35"
->Why Choosing the Appropriate Cell Name is Important</A
->. The procedure for setting the cell name is
- different for the two types of machines.</P
-><P
->For file server machines, the two files that record the cell name are the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/ThisCell</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/CellServDB</B
-></SPAN
-> files. As described
- more explicitly in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
->, you set the cell name in both by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setcellname</B
-></SPAN
-> command on the first file server machine you install in your cell. It is not usually
- necessary to issue the command again. If you run the United States edition of AFS and use the Update Server, it distributes
- its copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> files to additional
- server machines that you install. If you use the international edition of AFS, the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick
- Beginnings</I
-></SPAN
-> explains how to copy the files manually.</P
-><P
->For client machines, the two files that record the cell name are the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> files. You create
- these files on a per-client basis, either with a text editor or by copying them onto the machine from a central source in AFS.
- See <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
-> for details.</P
-><P
->Change the cell name in these files only when you want to transfer the machine to a different cell (it can only belong
- to one cell at a time). If the machine is a file server, follow the complete set of instructions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- Quick Beginnings</I
-></SPAN
-> for configuring a new cell. If the machine is a client, all you need to do is change the files
- appropriately and reboot the machine. The next section explains further the negative consequences of changing the name of an
- existing cell.</P
-><P
->To set the default cell name used by most AFS commands without changing the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file, set the AFSCELL environment variable in the command shell. It is worth
- setting this variable if you need to complete significant administrative work in a foreign cell.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> commands do not
- use the AFSCELL variable. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command always defaults to the cell named in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file, unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument is used. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command defaults to the cell in which the parent directory of the new mount
- point resides.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ35"
->Why Choosing the Appropriate Cell Name is Important</A
-></H2
-><P
->Take care to select a cell name that is suitable for long-term use. Changing a cell name later is complicated. An
- appropriate cell name is important because it is the second element in the pathname of all files in a cell's file tree.
- Because each cell name is unique, its presence in an AFS pathname makes the pathname unique in the AFS global namespace, even
- if multiple cells use similar filespace organization at lower levels. For instance, it means that every cell can have a home
- directory called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/pat</B
-></SPAN
-> without causing a conflict. The presence of the cell name in pathnames also means that users
- in every cell use the same pathname to access a file, whether the file resides in their local cell or in a foreign
- cell.</P
-><P
->Another reason to choose the correct cell name early in the process of installing your cell is that the cell membership
- defined in each machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file affects the performance of many programs and
- processes running on the machine. For instance, AFS commands (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> commands) by default
- execute in the cell of the machine on which they are issued. The command interpreters check the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file on the local disk and then contact the database server machines listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file for the indicated cell (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands work
- differently because the issuer always has to name of the machine on which to run the command).</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file also determines the cell for which a user receives an AFS token when
- he or she logs in to a machine. The cell name also plays a role in security. As it converts a user password into an encryption
- key for storage in the Authentication Database, the Authentication Server combines the password with the cell name found in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> file. AFS-modified login utilities use the same algorithm to convert the user's
- password into an encryption key before contacting the Authentication Server to obtain a token for the user. (For a description
- of how AFS's security system uses encryption keys, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual
- Authentication</A
->.)</P
-><P
->This method of converting passwords into encryption keys means that the same password results in different keys in
- different cells. Even if a user uses the same password in multiple cells, obtaining a user's token from one cell does not
- enable unauthorized access to the user's account in another cell.</P
-><P
->If you change the cell name, you must change the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> files on every server and client machine. Failure to change them all can prevent login,
- because the encryption keys produced by the login utility do not match the keys stored in the Authentication Database. In
- addition, many commands from the AFS suites do not work as expected.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ36"
->Participating in the AFS Global Namespace</A
-></H1
-><P
->Participating in the AFS global namespace makes your cell's local file tree visible to AFS users in foreign cells and
- makes other cells' file trees visible to your local users. It makes file sharing across cells just as easy as sharing within a
- cell. This section outlines the procedures necessary for participating in the global namespace. <UL
-><LI
-><P
->Participation in the global namespace is not mandatory. Some cells use AFS primarily to facilitate file sharing
- within the cell, and are not interested in providing their users with access to foreign cells.</P
-></LI
-><LI
-><P
->Making your file tree visible does not mean making it vulnerable. You control how foreign users access your cell
- using the same protection mechanisms that control local users' access. See <A
-HREF="c667.html#HDRWQ40"
->Granting and Denying
- Foreign Users Access to Your Cell</A
->.</P
-></LI
-><LI
-><P
->The two aspects of participation are independent. A cell can make its file tree visible without allowing its users
- to see foreign cells' file trees, or can enable its users to see other file trees without advertising its own.</P
-></LI
-><LI
-><P
->You make your cell visible to others by advertising your database server machines. See <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->.</P
-></LI
-><LI
-><P
->You control access to foreign cells on a per-client machine basis. In other words, it is possible to make a foreign
- cell accessible from one client machine in your cell but not another. See <A
-HREF="c667.html#HDRWQ39"
->Making Other Cells
- Visible in Your Cell</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ37"
->What the Global Namespace Looks Like</A
-></H2
-><P
->The AFS global namespace appears the same to all AFS cells that participate in it, because they all agree to follow a
- small set of conventions in constructing pathnames.</P
-><P
->The first convention is that all AFS pathnames begin with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> to indicate
- that they belong to the AFS global namespace.</P
-><P
->The second convention is that the cell name is the second element in an AFS pathname; it indicates where the file
- resides (that is, the cell in which a file server machine houses the file). As noted, the presence of a cell name in pathnames
- makes the global namespace possible, because it guarantees that all AFS pathnames are unique even if cells use the same
- directory names at lower levels in their AFS filespace.</P
-><P
->What appears at the third and lower levels in an AFS pathname depends on how a cell has chosen to arrange its filespace.
- There are some suggested conventional directories at the third level; see <A
-HREF="c667.html#HDRWQ43"
->The Third
- Level</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ38"
->Making Your Cell Visible to Others</A
-></H2
-><P
->You make your cell visible to others by advertising your cell name and database server machines. Just like client
- machines in the local cell, the Cache Manager on machines in foreign cells use the information to reach your cell's Volume
- Location (VL) Servers when they need volume and file location information. Similarly, client-side authentication programs
- running in foreign cells use the information to contact your cell's authentication service.</P
-><P
->There are two places you can make this information available: <UL
-><LI
-><P
->In the global <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file maintained by the AFS Product Support group. This
- file lists the name and database server machines of every cell that has agreed to make this information available to
- other cells.</P
-><P
->To add or change your cell's listing in this file, have the official support contact at your site call or write to
- AFS Product Support. Changes to the file are frequent enough that AFS Product Support does not announce each one. It is
- a good policy to check the file for changes on a regular schedule.</P
-></LI
-><LI
-><P
->A file called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB.local</B
-></SPAN
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/service/etc</B
-></SPAN
-> directory
- of your cell's filespace. List only your cell's database server machines.</P
-></LI
-></UL
-></P
-><P
->Update the files whenever you change the identity of your cell's database server machines. Also update the copies of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> files on all of your server machines (in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc</B
-></SPAN
-> directory) and client machines (in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
->
- directory). For instructions, see <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
-> and <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->.</P
-><P
->Once you have advertised your database server machines, it can be difficult to make your cell invisible again. You can
- remove the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB.local</B
-></SPAN
-> file and ask AFS Product Support to remove your entry from the
- global <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file, but other cells probably have an entry for your cell in their local
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> files already. To make those entries invalid, you must change the names or IP
- addresses of your database server machines.</P
-><P
->Your cell does not have to be invisible to be inaccessible, however. To make your cell completely inaccessible to
- foreign users, remove the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group from all ACLs at the top three levels of your
- filespace; see <A
-HREF="c667.html#HDRWQ40"
->Granting and Denying Foreign Users Access to Your Cell</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ39"
->Making Other Cells Visible in Your Cell</A
-></H2
-><P
->To make a foreign cell's filespace visible on a client machine in your cell, perform the following three steps:
- <OL
-TYPE="1"
-><LI
-><P
->Mount the cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume at the second level in your cell's filespace
- just below the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
->
- command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument as instructed in <A
-HREF="c8420.html#HDRWQ213"
->To create a
- cellular mount point</A
->.</P
-></LI
-><LI
-><P
->Mount AFS at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory on the client machine. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program, which initializes the Cache Manager, performs the mount automatically at the
- directory named in the first field of the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file or by the
- command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mountdir</B
-></SPAN
-> argument. Mounting AFS at an alternate location makes it impossible
- to reach the filespace of any cell that mounts its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volumes at the conventional locations. See <A
-HREF="c21473.html#HDRWQ395"
->Displaying and
- Setting the Cache Size and Location</A
->.</P
-></LI
-><LI
-><P
->Create an entry for the cell in the list of database server machines which the Cache Manager maintains in kernel
- memory.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file on every client machine's local disk lists the
- database server machines for the local and foreign cells. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program reads the
- contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file into kernel memory as it initializes the Cache Manager.
- You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
-> command to add or alter entries in kernel memory
- directly between reboots of the machine. See <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server
- Machines</A
->.</P
-></LI
-></OL
-></P
-><P
->Note that making a foreign cell visible to client machines does not guarantee that your users can access its filespace.
- The ACLs in the foreign cell must also grant them the necessary permissions.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ40"
->Granting and Denying Foreign Users Access to Your Cell</A
-></H2
-><P
->Making your cell visible in the AFS global namespace does not take away your control over the way in which users from
- foreign cells access your file tree.</P
-><P
->By default, foreign users access your cell as the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->, which means they have
- only the permissions granted to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on each directory's ACL. Normally
- these permissions are limited to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permissions.</P
-><P
->There are two ways to grant wider access to foreign users: <UL
-><LI
-><P
->Grant additional permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on certain ACLs. Keep in
- mind, however, that all users can then access that directory in the indicated way (not just specific foreign users you
- have in mind).</P
-></LI
-><LI
-><P
->Create a local authentication account for specific foreign users, by creating entries in the Protection and
- Authentication Databases and local password file. It is not possible to place foreign usernames on ACLs, nor to
- authenticate in a foreign cell without having an account in it.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ41"
->Configuring Your AFS Filespace</A
-></H1
-><P
->This section summarizes the issues to consider when configuring your AFS filespace. For a discussion of creating volumes
- that correspond most efficiently to the filespace's directory structure, see <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to
- Simplify Administration</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->For Windows users:</B
-></SPAN
-> Windows uses a backslash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\</B
-></SPAN
->) rather
- than a forward slash (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->) to separate the elements in a pathname. The hierarchical
- organization of the filespace is however the same as on a UNIX machine.</P
-></BLOCKQUOTE
-></DIV
-><P
->AFS pathnames must follow a few conventions so the AFS global namespace looks the same from any AFS client machine. There
- are corresponding conventions to follow in building your file tree, not just because pathnames reflect the structure of a file
- tree, but also because the AFS Cache Manager expects a certain configuration.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_51"
->The Top /afs Level</A
-></H2
-><P
->The first convention is that the top level in your file tree be called the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->
- directory. If you name it something else, then you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-mountdir</B
-></SPAN
-> argument with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program to get Cache Managers to mount AFS properly. You cannot participate in the AFS
- global namespace in that case.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ42"
->The Second (Cellname) Level</A
-></H2
-><P
->The second convention is that just below the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory you place directories
- corresponding to each cell whose file tree is visible and accessible from the local cell. Minimally, there must be a directory
- for the local cell. Each such directory is a mount point to the indicated cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
->
- volume. For example, in the ABC Corporation cell, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> is a mount point for the
- cell's own <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
-> is a mount point
- for the State University cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- lsmount</B
-></SPAN
-> command displays the mount points.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/abc.com</B
-></SPAN
->
- '/afs/abc.com' is a mount point for volume '#root.cell'
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/stateu.edu</B
-></SPAN
->
- '/afs/stateu.edu' is a mount point for volume '#stateu.edu:root.cell'
-</PRE
-><P
->To reduce the amount of typing necessary in pathnames, you can create a symbolic link with an abbreviated name to the
- mount point of each cell your users frequently access (particularly the home cell). In the ABC Corporation cell, for instance,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc</B
-></SPAN
-> is a symbolic link to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
-> mount point,
- as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command reveals.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/abc</B
-></SPAN
->
- '/afs/abc' is a symbolic link, leading to a mount point for volume '#root.cell'
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ43"
->The Third Level</A
-></H2
-><P
->You can organize the third level of your cell's file tree any way you wish. The following list describes directories
- that appear at this level in the conventional configuration: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->common</B
-></SPAN
-></DT
-><DD
-><P
->This directory contains programs and files needed by users working on machines of all system types, such as text
- editors, online documentation files, and so on. Its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc</B
-></SPAN
-> subdirectory is a logical
- place to keep the central update sources for files used on all of your cell's client machines, such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ThisCell</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> files.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->public</B
-></SPAN
-></DT
-><DD
-><P
->A directory accessible to anyone who can access your filespace, because its ACL grants the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group. It is useful if
- you want to enable your users to make selected information available to everyone, but do not want to grant foreign
- users access to the contents of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
-> directory which houses user home directories
- (and is also at this level). It is conventional to create a subdirectory for each of your cell's users.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->service</B
-></SPAN
-></DT
-><DD
-><P
->This directory contains files and subdirectories that help cells coordinate resource sharing. For a list of the
- proposed standard files and subdirectories to create, call or write to AFS Product Support.</P
-><P
->As an example, files that other cells expect to find in this directory's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
->
- subdirectory can include the following: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB.export</B
-></SPAN
->, a list of database server machines for many
- cells</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB.local</B
-></SPAN
->, a list of the cell's own database server
- machines</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
->, a copy of the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) kept on the local disk of the cell's client machines</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->group</B
-></SPAN
->, a copy of the local groups file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/group</B
-></SPAN
-> or equivalent) kept on the local disk of the cell's client machines</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->sys_type</I
-></SPAN
-></DT
-><DD
-><P
->A separate directory for storing the server and client binaries for each system type you use in the cell.
- Configuration is simplest if you use the system type names assigned in the AFS distribution, particularly if you wish
- to use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> variable in pathnames (see <A
-HREF="c667.html#HDRWQ56"
->Using the @sys
- Variable in Pathnames</A
->). The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Release Notes</I
-></SPAN
-> lists the conventional name for each
- supported system type.</P
-><P
->Within each such directory, create directories named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bin</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->etc</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
->, and so on, to store the programs normally kept in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> directories on a local disk. Then create symbolic links from the local directories on
- client machines into AFS; see <A
-HREF="c667.html#HDRWQ55"
->Configuring the Local Disk</A
->. Even if you do not choose to
- use symbolic links in this way, it can be convenient to have central copies of system binaries in AFS. If binaries are
- accidentally removed from a machine, you can recopy them onto the local disk from AFS rather than having to recover
- them from tape</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
-></DT
-><DD
-><P
->This directory contains home directories for your local users. As discussed in the previous entry for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->public</B
-></SPAN
-> directory, it is often practical to protect this directory so that only
- locally authenticated users can access it. This keeps the contents of your user's home directories as secure as
- possible.</P
-><P
->If your cell is quite large, directory lookup can be slowed if you put all home directories in a single
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
-> directory. For suggestions on distributing user home directories among multiple
- grouping directories, see <A
-HREF="c667.html#HDRWQ59"
->Grouping Home Directories</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->wsadmin</B
-></SPAN
-></DT
-><DD
-><P
->This directory contains prototype, configuration and library files for use with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program. See <A
-HREF="c23832.html"
->Configuring Client Machines with the package
- Program</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ44"
->Creating Volumes to Simplify Administration</A
-></H1
-><P
->This section discusses how to create volumes in ways that make administering your system easier.</P
-><P
->At the top levels of your file tree (at least through the third level), each directory generally corresponds to a separate
- volume. Some cells also configure the subdirectories of some third level directories as separate volumes. Common examples are
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
->
- directories.</P
-><P
->You do not have to create a separate volume for every directory level in a tree, but the advantage is that each volume
- tends to be smaller and easier to move for load balancing. The overhead for a mount point is no greater than for a standard
- directory, nor does the volume structure itself require much disk space. Most cells find that below the fourth level in the
- tree, using a separate volume for each directory is no longer efficient. For instance, while each user's home directory (at the
- fourth level in the tree) corresponds to a separate volume, all of the subdirectories in the home directory normally reside in
- the same volume.</P
-><P
->Keep in mind that only one volume can be mounted at a given directory location in the tree. In contrast, a volume can be
- mounted at several locations, though this is not recommended because it distorts the hierarchical nature of the file tree,
- potentially causing confusion.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_55"
->Assigning Volume Names</A
-></H2
-><P
->You can name your volumes anything you choose, subject to a few restrictions: <UL
-><LI
-><P
->Read/write volume names can be up to 22 characters in length. The maximum length for volume names is 31
- characters, and there must be room to add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension on read-only
- volumes.</P
-></LI
-><LI
-><P
->Do not add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extensions
- to volume names yourself, even if they are appropriate. The Volume Server adds them automatically as it creates a
- read-only or backup version of a volume.</P
-></LI
-><LI
-><P
->There must be volumes named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
->, mounted respectively at the top (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->) level in the
- filespace and just below that level, at the cell's name (for example, at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
->
- in the ABC Corporation cell).</P
-><P
->Deviating from these names only creates confusion and extra work. Changing the name of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume, for instance, means that you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rootvol</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program on every client machine,
- to name the alternate volume.</P
-><P
->Similarly, changing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume name prevents users in foreign cells
- from accessing your filespace, if the mount point for your cell in their filespace refers to the conventional <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> name. Of course, this is one way to make your cell invisible to other cells.</P
-></LI
-></UL
-></P
-><P
->It is best to assign volume names that indicate the type of data they contain, and to use similar names for volumes with
- similar contents. It is also helpful if the volume name is similar to (or at least has elements in common with) the name of
- the directory at which it is mounted. Understanding the pattern then enables you accurately to guess what a volume contains
- and where it is mounted.</P
-><P
->Many cells find that the most effective volume naming scheme puts a common prefix on the names of all related volumes.
- <A
-HREF="c667.html#TBLVOL-PREFIX"
->Table 1</A
-> describes the recommended prefixing scheme.</P
-><DIV
-CLASS="table"
-><A
-NAME="TBLVOL-PREFIX"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="14*"><COL
-WIDTH="28*"><COL
-WIDTH="22*"><COL
-WIDTH="36*"><THEAD
-><TR
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Prefix</B
-></SPAN
-></TH
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Contents</B
-></SPAN
-></TH
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Example Name</B
-></SPAN
-></TH
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Example Mount Point</B
-></SPAN
-></TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->common.</B
-></SPAN
-></TD
-><TD
->popular programs and files</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->common.etc</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common/etc</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src.</B
-></SPAN
-></TD
-><TD
->source code</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->src.afs</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/src/afs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->proj.</B
-></SPAN
-></TD
-><TD
->project data</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->proj.portafs</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/proj/portafs</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->test.</B
-></SPAN
-></TD
-><TD
->testing or other temporary data</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->test.smith</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/smith/test</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
-></TD
-><TD
->user home directory data</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.terry</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/terry</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->sys_type<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></TD
-><TD
->programs compiled for an operating system type</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.bin</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/bin</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-><P
-><B
->Table 1. Suggested volume prefixes</B
-></P
-></DIV
-><P
-><A
-HREF="c667.html#TBLPREFIX-EXAMPLE"
->Table 2</A
-> is a more specific example for a cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42</B
-></SPAN
-> system volumes and directories:</P
-><DIV
-CLASS="table"
-><A
-NAME="TBLPREFIX-EXAMPLE"
-></A
-><TABLE
-BORDER="1"
-CLASS="CALSTABLE"
-><COL
-WIDTH="14*"><COL
-WIDTH="28*"><THEAD
-><TR
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Example Name</B
-></SPAN
-></TH
-><TH
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Example Mount Point</B
-></SPAN
-></TH
-></TR
-></THEAD
-><TBODY
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.bin</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/bin</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/bin</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.etc</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/etc</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.afsws</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/afsws</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.lib</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/lib</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.bin</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/bin</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.etc</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/etc</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.inc</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/inc</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.man</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/man</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.sys</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/sys</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rs_aix42.usr.local</B
-></SPAN
-></TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/rs_aix42/usr/local</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-><P
-><B
->Table 2. Example volume-prefixing scheme</B
-></P
-></DIV
-><P
->There are several advantages to this scheme: <UL
-><LI
-><P
->The volume name is similar to the mount point name in the filespace. In all of the entries in <A
-HREF="c667.html#TBLPREFIX-EXAMPLE"
->Table 2</A
->, for example, the only difference between the volume and mount point name is
- that the former uses periods as separators and the latter uses slashes. Another advantage is that the volume name
- indicates the contents, or at least suggests the directory on which to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
->
- command to learn the contents.</P
-></LI
-><LI
-><P
->It makes it easy to manipulate groups of related volumes at one time. In particular, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- backupsys</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument enables you to create a backup version
- of every volume whose name starts with the same string of characters. Making a backup version of each volume is one of
- the first steps in backing up a volume with the AFS Backup System, and doing it for many volumes with one command saves
- you a good deal of typing. For instructions for creating backup volumes, see <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup
- Volumes</A
->, For information on the AFS Backup System, see <A
-HREF="c12776.html"
->Configuring the AFS Backup
- System</A
-> and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-></LI
-><LI
-><P
->It makes it easy to group related volumes together on a partition. Grouping related volumes together has several
- advantages of its own, discussed in <A
-HREF="c667.html#HDRWQ49"
->Grouping Related Volumes on a Partition</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ49"
->Grouping Related Volumes on a Partition</A
-></H2
-><P
->If your cell is large enough to make it practical, consider grouping related volumes together on a partition. In
- general, you need at least three file server machines for volume grouping to be effective. Grouping has several advantages,
- which are most obvious when the file server machine becomes inaccessible: <UL
-><LI
-><P
->If you keep a hardcopy record of the volumes on a partition, you know which volumes are unavailable. You can keep
- such a record without grouping related volumes, but a list composed of unrelated volumes is much harder to maintain.
- Note that the record must be on paper, because the outage can prevent you from accessing an online copy or from issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> command, which gives you the same information.</P
-></LI
-><LI
-><P
->The effect of an outage is more localized. For example, if all of the binaries for a given system type are on one
- partition, then only users of that system type are affected. If a partition houses binary volumes from several system
- types, then an outage can affect more people, particularly if the binaries that remain available are interdependent with
- those that are not available.</P
-></LI
-></UL
-></P
-><P
->The advantages of grouping related volumes on a partition do not necessarily extend to the grouping of all related
- volumes on one file server machine. For instance, it is probably unwise in a cell with two file server machines to put all
- system volumes on one machine and all user volumes on the other. An outage of either machine probably affects everyone.</P
-><P
->Admittedly, the need to move volumes for load balancing purposes can limit the practicality of grouping related volumes.
- You need to weigh the complementary advantages case by case.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ50"
->When to Replicate Volumes</A
-></H2
-><P
->As discussed in <A
-HREF="c130.html#HDRWQ15"
->Replication</A
->, replication refers to making a copy, or clone, of a
- read/write source volume and then placing the copy on one or more additional file server machines. Replicating a volume can
- increase the availability of the contents. If one file server machine housing the volume becomes inaccessible, users can still
- access the copy of the volume stored on a different machine. No one machine is likely to become overburdened with requests for
- a popular file, either, because the file is available from several machines.</P
-><P
->However, replication is not appropriate for all cells. If a cell does not have much disk space, replication can be
- unduly expensive, because each clone not on the same partition as the read/write source takes up as much disk space as its
- source volume did at the time the clone was made. Also, if you have only one file server machine, replication uses up disk
- space without increasing availability.</P
-><P
->Replication is also not appropriate for volumes that change frequently. You must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command every time you need to update a read-only volume to reflect changes in its read/write
- source.</P
-><P
->For both of these reasons, replication is appropriate only for popular volumes whose contents do not change very often,
- such as system binaries and other volumes mounted at the upper levels of your filespace. User volumes usually exist only in a
- read/write version since they change so often.</P
-><P
->If you are replicating any volumes, you must replicate the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volumes, preferably at two or three sites each (even if your cell only has two or three file
- server machines). The Cache Manager needs to pass through the directories corresponding to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volumes as it interprets any pathname. The
- unavailability of these volumes makes all other volumes unavailable too, even if the file server machines storing the other
- volumes are still functioning.</P
-><P
->Another reason to replicate the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume is that it can lessen the load on the
- File Server machine. The Cache Manager has a bias to access a read-only version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume if it is replicate, which puts the Cache Manager onto the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read-only
- path</I
-></SPAN
-> through the AFS filespace. While on the read-only path, the Cache Manager attempts to access a read-only copy
- of replicated volumes. The File Server needs to track only one callback per Cache Manager for all of the data in a read-only
- volume, rather than the one callback per file it must track for read/write volumes. Fewer callbacks translate into a smaller
- load on the File Server.</P
-><P
->If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume is not replicated, the Cache Manager follows a read/write path
- through the filespace, accessing the read/write version of each volume. The File Server distributes and tracks a separate
- callback for each file in a read/write volume, imposing a greater load on it.</P
-><P
->For more on read/write and read-only paths, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount Point
- Traversal</A
->.</P
-><P
->It also makes sense to replicate system binary volumes in many cases, as well as the volume corresponding to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> directory and
- the volumes corresponding to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/common</B
-></SPAN
-> directory and its subdirectories.</P
-><P
->It is a good idea to place a replica on the same partition as the read/write source. In this case, the read-only volume
- is a clone (like a backup volume): it is a copy of the source volume's vnode index, rather than a full copy of the volume
- contents. Only if the read/write volume moves to another partition or changes substantially does the read-only volume consume
- significant disk space. Read-only volumes kept on other partitions always consume the full amount of disk space that the
- read/write source consumed when the read-only volume was created.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_58"
->The Default Quota and ACL on a New Volume</A
-></H2
-><P
->Every AFS volume has associated with it a quota that limits the amount of disk space the volume is allowed to use. To
- set and change quota, use the commands described in <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current
- Size</A
->.</P
-><P
->By default, every new volume is assigned a space quota of 5000 KB blocks unless you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command. Also by default, the ACL
- on the root directory of every new volume grants all permissions to the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. To learn how to change these values when creating an account with
- individual commands, see <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->. When using
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands to create accounts, you can specify alternate ACL and quota values in the
- template file's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->V</B
-></SPAN
-> instruction; see <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V
- Instruction</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ51"
->Configuring Server Machines</A
-></H1
-><P
->This section discusses some issues to consider when configuring server machines, which store AFS data, transfer it to
- client machines on request, and house the AFS administrative databases. To learn about client machines, see <A
-HREF="c667.html#HDRWQ54"
->Configuring Client Machines</A
->.</P
-><P
->If your cell has more than one AFS server machine, you can configure them to perform specialized functions. A machine can
- assume one or more of the roles described in the following list. For more details, see <A
-HREF="c3025.html#HDRWQ90"
->The Four Roles
- for File Server Machines</A
->. <UL
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->simple file server</I
-></SPAN
-> machine runs only the processes that store and deliver AFS files to client
- machines. You can run as many simple file server machines as you need to satisfy your cell's performance and disk space
- requirements.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->database server machine</I
-></SPAN
-> runs the four database server processes that maintain AFS's
- replicated administrative databases: the Authentication, Backup, Protection, and Volume Location (VL) Server
- processes.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->binary distribution machine</I
-></SPAN
-> distributes the AFS server binaries for its system type to all
- other server machines of that system type.</P
-></LI
-><LI
-><P
->The single <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->system control machine</I
-></SPAN
-> distributes common server configuration files to all other
- server machines in the cell, in a cell that runs the United States edition of AFS (cells that use the international
- edition of AFS must not use the system control machine for this purpose). The machine conventionally also serves as the
- time synchronization source for the cell, adjusting its clock according to a time source outside the cell.</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> explains how to configure your cell's first file server machine to
- assume all four roles. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> chapter on installing additional server machines also
- explains how to configure them to perform one or more roles.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ52"
->Replicating the AFS Administrative Databases</A
-></H2
-><P
->The AFS administrative databases are housed on database server machines and store information that is crucial for
- correct cell functioning. Both server processes and Cache Managers access the information frequently: <UL
-><LI
-><P
->Every time a Cache Manager fetches a file from a directory that it has not previously accessed, it must look up
- the file's location in the Volume Location Database (VLDB).</P
-></LI
-><LI
-><P
->Every time a user obtains an AFS token from the Authentication Server, the server looks up the user's password in
- the Authentication Database.</P
-></LI
-><LI
-><P
->The first time that a user accesses a volume housed on a specific file server machine, the File Server contacts
- the Protection Server for a list of the user's group memberships as recorded in the Protection Database.</P
-></LI
-><LI
-><P
->Every time you back up a volume using the AFS Backup System, the Backup Server creates records for it in the
- Backup Database.</P
-></LI
-></UL
-></P
-><P
->Maintaining your cell is simplest if the first machine has the lowest IP address of any machine you plan to use as a
- database server machine. If you later decide to use a machine with a lower IP address as a database server machine, you must
- update the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file on all clients before introducing the new machine.</P
-><P
->If your cell has more than one server machine, it is best to run more than one as a database server machine (but more
- than three are rarely necessary). Replicating the administrative databases in this way yields the same benefits as replicating
- volumes: increased availability and reliability. If one database server machine or process stops functioning, the information
- in the database is still available from others. The load of requests for database information is spread across multiple
- machines, preventing any one from becoming overloaded.</P
-><P
->Unlike replicated volumes, however, replicated databases do change frequently. Consistent system performance demands
- that all copies of the database always be identical, so it is not acceptable to record changes in only some of them. To
- synchronize the copies of a database, the database server processes use AFS's distributed database technology, Ubik. See <A
-HREF="c3025.html#HDRWQ102"
->Replicating the AFS Administrative Databases</A
->.</P
-><P
->If your cell has only one file server machine, it must also serve as a database server machine. If you cell has two file
- server machines, it is not always advantageous to run both as database server machines. If a server, process, or network
- failure interrupts communications between the database server processes on the two machines, it can become impossible to
- update the information in the database because neither of them can alone elect itself as the synchronization site.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ53"
->AFS Files on the Local Disk</A
-></H2
-><P
->It is generally simplest to store the binaries for all AFS server processes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory on every file server machine, even if some processes do not actively run on the
- machine. This makes it easier to reconfigure a machine to fill a new role.</P
-><P
->For security reasons, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
-> directory on a file server machine and all of its
- subdirectories and files must be owned by the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> and have only the first
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) mode bit turned on. Some files even have only the
- first <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) mode bit turned on (for example, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file, which lists the AFS server encryption keys). Each time the BOS
- Server starts, it checks that the mode bits on certain files and directories match the expected values. For a list, see the
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> section about protecting sensitive AFS directories, or the discussion of the
- output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command in <A
-HREF="c6449.html#HDRWQ159"
->To display the status of
- server processes and their BosConfig entries</A
->.</P
-><P
->For a description of the contents of all AFS directories on a file server machine's local disk, see <A
-HREF="c3025.html"
->Administering Server Machines</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_62"
->Configuring Partitions to Store AFS Data</A
-></H2
-><P
->The partitions that house AFS volumes on a file server machine must be mounted at directories named</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->index</I
-></SPAN
-></P
-><P
->where <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->index</I
-></SPAN
-> is one or two lowercase letters. By convention, the first AFS partition created is
- mounted at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepa</B
-></SPAN
-> directory, the second at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepb</B
-></SPAN
->
- directory, and so on through the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepz</B
-></SPAN
-> directory. The names then continue with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepaa</B
-></SPAN
-> through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepaz</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepba</B
-></SPAN
->
- through <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicepbz</B
-></SPAN
->, and so on, up to the maximum supported number of server partitions, which
- is specified in the IBM AFS Release Notes.</P
-><P
->Each <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/vicep</B
-></SPAN
->x directory must correspond to an entire partition or logical volume, and
- must be a subdirectory of the root directory (/). It is not acceptable to configure part of (for example) the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> partition as an AFS server partition and mount it on a directory called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vicepa</B
-></SPAN
->.</P
-><P
->Also, do not store non-AFS files on AFS server partitions. The File Server and Volume Server expect to have available
- all of the space on the partition. Sharing space also creates competition between AFS and the local UNIX file system for
- access to the partition, particularly if the UNIX files are frequently used.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_63"
->Monitoring, Rebooting and Automatic Process Restarts</A
-></H2
-><P
->AFS provides several tools for monitoring the File Server, including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> programs. You can configure them to alert you when certain threshold values are
- exceeded, for example when a server partition is more than 95% full. See <A
-HREF="c18360.html"
->Monitoring and Auditing AFS
- Performance</A
->.</P
-><P
->Rebooting a file server machine requires shutting down the AFS processes and so inevitably causes a service outage.
- Reboot file server machines as infrequently as possible. For instructions, see <A
-HREF="c3025.html#HDRWQ139"
->Rebooting a Server
- Machine</A
->.</P
-><P
->By default, the BOS Server on each file server machine stops and immediately restarts all AFS server processes on the
- machine (including itself) once a week, at 4:00 a.m. on Sunday. This reduces the potential for the core leaks that can develop
- as any process runs for an extended time.</P
-><P
->The BOS Server also checks each morning at 5:00 a.m. for any newly installed binary files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/bin</B
-></SPAN
-> directory. It compares the timestamp on each binary file to the time at which the
- corresponding process last restarted. If the timestamp on the binary is later, the BOS Server restarts the corresponding
- process to start using it.</P
-><P
->The default times are in the early morning hours when the outage that results from restarting a process is likely to
- disturb the fewest number of people. You can display the restart times for each machine with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- getrestart</B
-></SPAN
-> command, and set them with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos setrestart</B
-></SPAN
-> command. The latter
- command enables you to disable automatic restarts entirely, by setting the time to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->never</B
-></SPAN
->. See
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ54"
->Configuring Client Machines</A
-></H1
-><P
->This section summarizes issues to consider as you install and configure client machines in your cell.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ55"
->Configuring the Local Disk</A
-></H2
-><P
->You can often free up significant amounts of local disk space on AFS client machines by storing standard UNIX files in
- AFS and creating symbolic links to them from the local disk. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@sys</B
-></SPAN
-> pathname variable can
- be useful in links to system-specific files; see <A
-HREF="c667.html#HDRWQ56"
->Using the @sys Variable in Pathnames</A
->.</P
-><P
->There are two types of files that must actually reside on the local disk: boot sequence files needed before the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program is invoked, and files that can be helpful during file server machine
- outages.</P
-><P
->During a reboot, AFS is inaccessible until the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program executes and initializes
- the Cache Manager. (In the conventional configuration, the AFS initialization file is included in the machine's initialization
- sequence and invokes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsd</B
-></SPAN
-> program.) Files needed during reboot prior to that point must
- reside on the local disk. They include the following, but this list is not necessarily exhaustive. <UL
-><LI
-><P
->Standard UNIX utilities including the following or their equivalents: <UL
-><LI
-><P
->Machine initialization files (stored in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/sbin</B
-></SPAN
-> directory on many system types)</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fstab</B
-></SPAN
-> file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mount</B
-></SPAN
-> command binary</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->umount</B
-></SPAN
-> command binary</P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
->All subdirectories and files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice</B
-></SPAN
-> directory, including the following:
- <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/cache</B
-></SPAN
-> directory</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/afsd</B
-></SPAN
-> command binary</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/cacheinfo</B
-></SPAN
-> file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file</P
-></LI
-></UL
-></P
-><P
->For more information on these files, see <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the
- Local Disk</A
->.</P
-></LI
-></UL
-></P
-><P
->The other type of files and programs to retain on the local disk are those you need when diagnosing and fixing problems
- caused by a file server outage, because the outage can make inaccessible the copies stored in AFS. Examples include the
- binaries for a text editor (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ed</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vi</B
-></SPAN
->) and for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> commands. Store copies of AFS command binaries in
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory as well as including them in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws</B
-></SPAN
-> directory, which is normally a link into AFS. Then place the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws</B
-></SPAN
-> directory before the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc</B
-></SPAN
-> directory in users'
- <VAR
-CLASS="envar"
->PATH</VAR
-> environment variable definition. When AFS is functioning normally, users access the copy in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws</B
-></SPAN
-> directory, which is more likely to be current than a local copy.</P
-><P
->You can automate the configuration of client machine local disks by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
->
- program, which updates the contents of the local disk to match a configuration file. See <A
-HREF="c23832.html"
->Configuring
- Client Machines with the package Program</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_66"
->Enabling Access to Foreign Cells</A
-></H2
-><P
->As detailed in <A
-HREF="c667.html#HDRWQ39"
->Making Other Cells Visible in Your Cell</A
->, you enable the Cache Manager to
- access a cell's AFS filespace by storing a list of the cell's database server machines in the local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file. The Cache Manager reads the list into kernel memory at reboot for faster
- retrieval. You can change the list in kernel memory between reboots by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
->
- command. It is often practical to store a central version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file in AFS and
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program periodically to update each client's version with the source copy.
- See <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->.</P
-><P
->Because each client machine maintains its own copy of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->CellServDB</B
-></SPAN
-> file, you can in
- theory enable access to different foreign cells on different client machines. This is not usually practical, however,
- especially if users do not always work on the same machine.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ56"
->Using the @sys Variable in Pathnames</A
-></H2
-><P
->When creating symbolic links into AFS on the local disk, it is often practical to use the @sys variable in pathnames.
- The Cache Manager automatically substitutes the local machine's AFS system name (CPU/operating system type) for the @sys
- variable. This means you can place the same links on machines of various system types and still have each machine access the
- binaries for its system type. For example, the Cache Manager on a machine running AIX 4.2 converts <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/@sys</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/rs_aix42</B
-></SPAN
->, whereas a machine running
- Solaris 7 converts it to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/sun4x_57</B
-></SPAN
->.</P
-><P
->If you want to use the @sys variable, it is simplest to use the conventional AFS system type names as specified in the
- IBM AFS Release Notes. The Cache Manager records the local machine's system type name in kernel memory during initialization.
- If you do not use the conventional names, you must use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> command to change the
- value in kernel memory from its default just after Cache Manager initialization, on every client machine of the relevant
- system type. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sysname</B
-></SPAN
-> command also displays the current value; see <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->.</P
-><P
->In pathnames in the AFS filespace itself, use the @sys variable carefully and sparingly, because it can lead to
- unexpected results. It is generally best to restrict its use to only one level in the filespace. The third level is a common
- choice, because that is where many cells store the binaries for different machine types.</P
-><P
->Multiple instances of the @sys variable in a pathname are especially dangerous to people who must explicitly change
- directories (with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd</B
-></SPAN
-> command, for example) into directories that store binaries for
- system types other than the machine on which they are working, such as administrators or developers who maintain those
- directories. After changing directories, it is recommended that such people verify they are in the desired directory.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_68"
->Setting Server Preferences</A
-></H2
-><P
->The Cache Manager stores a table of preferences for file server machines in kernel memory. A preference rank pairs a
- file server machine interface's IP address with an integer in the range from 1 to 65,534. When it needs to access a file, the
- Cache Manager compares the ranks for the interfaces of all machines that house the file, and first attempts to access the file
- via the interface with the best rank. As it initializes, the Cache Manager sets default ranks that bias it to access files via
- interfaces that are close to it in terms of network topology. You can adjust the preference ranks to improve performance if
- you wish.</P
-><P
->The Cache Manager also uses similar preferences for Volume Location (VL) Server machines. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> command to display preference ranks and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setserverprefs</B
-></SPAN
-> command to set them. See <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ57"
->Configuring AFS User Accounts</A
-></H1
-><P
->This section discusses some of the issues to consider when configuring AFS user accounts. Because AFS is separate from the
- UNIX file system, a user's AFS account is separate from her UNIX account.</P
-><P
->The preferred method for creating a user account is with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> suite of commands. With
- a single command, you can create all the components of one or many accounts, after you have prepared a template file that guides
- the account creation. See <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
->.</P
-><P
->Alternatively, you can issue the individual commands that create each component of an account. For instructions, along
- with instructions for removing user accounts and changing user passwords, user volume quotas and usernames, see <A
-HREF="c27596.html"
->Administering User Accounts</A
->.</P
-><P
->When users leave your system, it is often good policy to remove their accounts. Instructions appear in <A
-HREF="c24913.html#HDRWQ486"
->Deleting Individual Accounts with the uss delete Command</A
-> and <A
-HREF="c27596.html#HDRWQ524"
->Removing a User
- Account</A
->.</P
-><P
->An AFS user account consists of the following components, which are described in greater detail in <A
-HREF="c27596.html#HDRWQ494"
->The Components of an AFS User Account</A
->. <UL
-><LI
-><P
->A Protection Database entry</P
-></LI
-><LI
-><P
->An Authentication Database entry</P
-></LI
-><LI
-><P
->A volume</P
-></LI
-><LI
-><P
->A home directory at which the volume is mounted</P
-></LI
-><LI
-><P
->Ownership of the home directory and full permissions on its ACL</P
-></LI
-><LI
-><P
->An entry in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of each machine the
- user needs to log into</P
-></LI
-><LI
-><P
->Optionally, standard files and subdirectories that make the account more useful</P
-></LI
-></UL
-></P
-><P
->By creating some components but not others, you can create accounts at different levels of functionality, using either
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> commands as described in <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with
- the uss Command Suite</A
-> or individual commands as described in <A
-HREF="c27596.html"
->Administering User Accounts</A
->.
- The levels of functionality include the following <UL
-><LI
-><P
->An authentication-only account enables the user to obtain AFS tokens and so to access protected AFS data and to
- issue privileged commands. It consists only of entries in the Authentication and Protection Database. This type of account
- is suitable for administrative accounts and for users from foreign cells who need to access protected data. Local users
- generally also need a volume and home directory.</P
-></LI
-><LI
-><P
->A basic user account includes a volume for the user, in addition to Authentication and Protection Database entries.
- The volume is mounted in the AFS filespace as the user's home directory, and provides a repository for the user's personal
- files.</P
-></LI
-><LI
-><P
->A full account adds configuration files for basic functions such as logging in, printing, and mail delivery to a
- basic account, making it more convenient and useful. For a discussion of some useful types of configuration files, see
- <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->.</P
-></LI
-></UL
-></P
-><P
->If your users have UNIX user accounts that predate the introduction of AFS in the cell, you possibly want to convert them
- into AFS accounts. There are three main issues to consider: <UL
-><LI
-><P
->Making UNIX and AFS UIDs match</P
-></LI
-><LI
-><P
->Setting the password field in the local password file appropriately</P
-></LI
-><LI
-><P
->Moving files from the UNIX file system into AFS</P
-></LI
-></UL
-></P
-><P
->For further discussion, see <A
-HREF="c24913.html#HDRWQ459"
->Converting Existing UNIX Accounts with uss</A
-> or <A
-HREF="c27596.html#HDRWQ498"
->Converting Existing UNIX Accounts</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
-></H2
-><P
->This section suggests schemes for choosing usernames, AFS UIDs, user volume names and mount point names, and also
- outlines some restrictions on your choices.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->Usernames: </B
->AFS imposes very few restrictions on the form of usernames. It is best to keep usernames short, both because many
- utilities and applications can handle usernames of no more than eight characters and because by convention many components
- of and AFS account incorporate the name. These include the entries in the Protection and Authentication Databases, the
- volume, and the mount point. Depending on your electronic mail delivery system, the username can become part of the user's
- mailing address. The username is also the string that the user types when logging in to a client machine.</P
-></DIV
-><P
->Some common choices for usernames are last names, first names, initials, or a combination, with numbers sometimes added.
- It is also best to avoid using the following characters, many of which have special meanings to the command shell.
- <UL
-><LI
-><P
->The comma (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->,</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->The colon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
->), because AFS reserves it as a field separator in protection group
- names; see <A
-HREF="c667.html#HDRWQ62"
->The Two Types of User-Defined Groups</A
-></P
-></LI
-><LI
-><P
->The semicolon (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->;</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->The "at-sign" (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->@</B
-></SPAN
->); this character is reserved for Internet mailing
- addresses</P
-></LI
-><LI
-><P
->Spaces</P
-></LI
-><LI
-><P
->The newline character</P
-></LI
-><LI
-><P
->The period (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->); it is conventional to use this character only in the special
- username that an administrator adopts while performing privileged tasks, such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat.admin</B
-></SPAN
-></P
-></LI
-></UL
-></P
-><DIV
-CLASS="formalpara"
-><P
-><B
->AFS UIDs and UNIX UIDs: </B
->AFS associates a unique identification number, the AFS UID, with every username, recording the mapping in the user's
- Protection Database entry. The AFS UID functions within AFS much as the UNIX UID does in the local file system: the AFS
- server processes and the Cache Manager use it internally to identify a user, rather than the username.</P
-></DIV
-><P
->Every AFS user also must have a UNIX UID recorded in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent) of each client machine they log onto. Both administration and a user's AFS
- access are simplest if the AFS UID and UNIX UID match. One important consequence of matching UIDs is that the owner reported
- by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command matches the AFS username.</P
-><P
->It is usually best to allow the Protection Server to allocate the AFS UID as it creates the Protection Database entry.
- However, both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> command and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
->
- commands that create user accounts enable you to assign AFS UIDs explicitly. This is appropriate in two cases: <UL
-><LI
-><P
->You wish to group together the AFS UIDs of related users</P
-></LI
-><LI
-><P
->You are converting an existing UNIX account into an AFS account and want to make the AFS UID match the existing
- UNIX UID</P
-></LI
-></UL
-></P
-><P
->After the Protection Server initializes for the first time on a cell's first file server machine, it starts assigning
- AFS UIDs at a default value. To change the default before creating any user accounts, or at any time, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setmax</B
-></SPAN
-> command to reset the <SAMP
-CLASS="computeroutput"
->max user id counter</SAMP
->. To display the
- counter, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listmax</B
-></SPAN
-> command. See <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the
- AFS UID and GID Counters</A
->.</P
-><P
->AFS reserves one AFS UID, 32766, for the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->. The AFS server processes
- assign this identity and AFS UID to any user who does not possess a token for the local cell. Do not assign this AFS UID to
- any other user or hardcode its current value into any programs or a file's owner field, because it is subject to change in
- future releases.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->User Volume Names: </B
->Like any volume name, a user volume's base (read/write) name cannot exceed 22 characters in length or include the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension. See <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->. By convention, user volume names have the format
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
->username. Using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
-> prefix not only makes it
- easy to identify the volume's contents, but also to create a backup version of all user volumes by issuing a single
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command.</P
-></DIV
-><DIV
-CLASS="formalpara"
-><P
-><B
->Mount Point Names: </B
->By convention, the mount point for a user's volume is named after the username. Many cells follow the convention of
- mounting user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> directory, as discussed in <A
-HREF="c667.html#HDRWQ43"
->The Third Level</A
->. Very large cells
- sometimes find that mounting all user volumes in the same directory slows directory lookup, however; for suggested
- alternatives, see the following section.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ59"
->Grouping Home Directories</A
-></H2
-><P
->Mounting user volumes in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> directory is an AFS-appropriate variation on the standard UNIX practice of putting user home
- directories under the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
-> subdirectory. However, cells with more than a few hundred users
- sometimes find that mounting all user volumes in a single directory results in slow directory lookup. The solution is to
- distribute user volume mount points into several directories; there are a number of alternative methods to accomplish this.
- <UL
-><LI
-><P
->Distribute user home directories into multiple directories that reflect organizational divisions, such as academic
- or corporate departments. For example, a company can create group directories called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/marketing</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/research</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/finance</B
-></SPAN
->. A good feature of this scheme is that knowing a user's department is enough to find
- the user's home directory. Also, it makes it easy to set the ACL to limit access to members of the department only. A
- potential drawback arises if departments are of sufficiently unequal size that users in large departments experience
- slower lookup than users in small departments. This scheme is also not appropriate in cells where users frequently
- change between divisions.</P
-></LI
-><LI
-><P
->Distribute home directories into alphabetic subdirectories of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
-> directory
- (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/a</B
-></SPAN
-> subdirectory, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/b</B
-></SPAN
-> subdirectory, and
- so on), based on the first letter of the username. If the cell is very large, create subdirectories under each letter
- that correspond to the second letter in the user name. This scheme has the same advantages and disadvantages of a
- department-based scheme. Anyone who knows the user's username can find the user's home directory, but users with names
- that begin with popular letters sometimes experience slower lookup.</P
-></LI
-><LI
-><P
->Distribute home directories randomly but evenly into more than one grouping directory. One cell that uses this
- scheme has over twenty such directories called the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr1</B
-></SPAN
-> directory, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr2</B
-></SPAN
-> directory, and so on. This scheme is especially appropriate in cells where the other two
- schemes do not seem feasible. It eliminates the potential problem of differences in lookup speed, because all
- directories are about the same size. Its disadvantage is that there is no way to guess which directory a given user's
- volume is mounted in, but a solution is to create a symbolic link in the regular <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr</B
-></SPAN
->
- directory that references the actual mount point. For example, if user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
->'s volume
- is mounted at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/bigcell.com/usr17/smith</B
-></SPAN
-> directory, then the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/bigcell.com/usr/smith</B
-></SPAN
-> directory is a symbolic link to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->../usr17/smith</B
-></SPAN
-> directory. This way, if someone does not know which directory the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> is in, he or she can access it through the link called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->usr/smith</B
-></SPAN
->; people who do know the appropriate directory save lookup time by specifying it.</P
-></LI
-></UL
-></P
-><P
->For instructions on how to implement the various schemes when using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> program to
- create user accounts, see <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
-> and
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_72"
->Making a Backup Version of User Volumes Available</A
-></H2
-><P
->Mounting the backup version of a user's volume is a simple way to enable users themselves to restore data they have
- accidentally removed or deleted. It is conventional to mount the backup version at a subdirectory of the user's home directory
- (called perhaps the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->OldFiles</B
-></SPAN
-> subdirectory), but other schemes are possible. Once per day you
- create a new backup version to capture the changes made that day, overwriting the previous day's backup version with the new
- one. Users can always retrieve the previous day's copy of a file without your assistance, freeing you to deal with more
- pressing tasks.</P
-><P
->Users sometimes want to delete the mount point to their backup volume, because they erroneously believe that the backup
- volume's contents count against their quota. Remind them that the backup volume is separate, so the only space it uses in the
- user volume is the amount needed for the mount point.</P
-><P
->For further discussion of backup volumes, see <A
-HREF="c667.html#HDRWQ77"
->Backing Up AFS Data</A
-> and <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
-></H2
-><P
->From your experience as a UNIX administrator, you are probably familiar with the use of login and shell initialization
- files (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.cshrc</B
-></SPAN
-> files) to make an
- account easier to use.</P
-><P
->It is often practical to add some AFS-specific directories to the definition of the user's <VAR
-CLASS="envar"
->PATH</VAR
->
- environment variable, including the following: <UL
-><LI
-><P
->The path to a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bin</B
-></SPAN
-> subdirectory in the user's home directory for binaries the user
- has created (that is, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->username</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin</B
-></SPAN
->)</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/bin</B
-></SPAN
-> path, which conventionally includes programs like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-></P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc</B
-></SPAN
-> path, if the user is an administrator; it usually houses the
- AFS command suites that require privilege (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->butc</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> commands), the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->package</B
-></SPAN
-> program, and others</P
-></LI
-></UL
-></P
-><P
->If you are not using an AFS-modified login utility, it can be helpful to users to invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command in their <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> file so that they obtain AFS tokens as
- part of logging in. In the following example command sequence, the first line echoes the string
- <SAMP
-CLASS="computeroutput"
->klog</SAMP
-> to the standard output stream, so that the user understands the purpose of the
- <SAMP
-CLASS="computeroutput"
->Password:</SAMP
-> prompt that appears when the second line is executed. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-> flag associates the new tokens with a process authentication group (PAG), which is discussed
- further in <A
-HREF="c667.html#HDRWQ64"
->Identifying AFS Tokens by PAG</A
->.</P
-><PRE
-CLASS="programlisting"
-> echo -n "klog "
- klog -setpag
-</PRE
-><P
->The following sequence of commands has a similar effect, except that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pagsh</B
-></SPAN
-> command
- forks a new shell with which the PAG and tokens are associated.</P
-><PRE
-CLASS="programlisting"
-> pagsh
- echo -n "klog "
- klog
-</PRE
-><P
->If you use an AFS-modified login utility, this sequence is not necessary, because such utilities both log a user in
- locally and obtain AFS tokens.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ61"
->Using AFS Protection Groups</A
-></H1
-><P
->AFS enables users to define their own groups of other users or machines. The groups are placed on ACLs to grant the same
- permissions to many users without listing each user individually. For group creation instructions, see <A
-HREF="c29323.html"
->Administering the Protection Database</A
->.</P
-><P
->Groups have AFS ID numbers, just as users do, but an AFS group ID (GID) is a negative integer whereas a user's AFS UID is
- a positive integer. By default, the Protection Server allocates a new group's AFS GID automatically, but members of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can assign a GID when issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- creategroup</B
-></SPAN
-> command. Before explicitly assigning a GID, it is best to verify that it is not already in use.</P
-><P
->A group cannot belong to another group, but it can own another group or even itself as long as it (the owning group) has
- at least one member. The current owner of a group can transfer ownership of the group to another user or group, even without the
- new owner's permission. At that point the former owner loses administrative control over the group.</P
-><P
->By default, each user can create 20 groups. A system administrator can increase or decrease this group creation quota with
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command.</P
-><P
->Each Protection Database entry (group or user) is protected by a set of five privacy flagswhich limit who can administer
- the entry and what they can do. The default privacy flags are fairly restrictive, especially for user entries. See <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_75"
->The Three System Groups</A
-></H2
-><P
->As the Protection Server initializes for the first time on a cell's first database server machine, it automatically
- creates three group entries: the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> groups.</P
-><P
->The first two system groups are unlike any other groups in the Protection Database in that they do not have a stable
- membership: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group includes everyone who can access a cell's AFS filespace:
- users who have tokens for the local cell, users who have logged in on a local AFS client machine but not obtained tokens
- (such as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->), and users who have connected to a local machine
- from outside the cell. Placing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on an ACL grants access to the
- widest possible range of users. It is the only way to extend access to users from foreign AFS cells that do not have
- local accounts.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group includes everyone who has a valid token obtained from
- the cell's AFS authentication service.</P
-></LI
-></UL
-></P
-><P
->Because the groups do not have a stable membership, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command produces
- no output for them. Similarly, they do not appear in the list of groups to which a user belongs.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group does have a stable membership, consisting of the cell's
- privileged administrators. Members of this group can issue any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> command, and are the only
- ones who can issue several other restricted commands (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown</B
-></SPAN
-> command on AFS
- files). By default, they also implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->)
- permissions on every ACL in the filespace. For information about changing this default, see <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->.</P
-><P
->For a discussion of how to use system groups effectively on ACLs, see <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on
- ACLs</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ62"
->The Two Types of User-Defined Groups</A
-></H2
-><P
->All users can create regular groups. A regular group name has two fields separated by a colon, the first of which must
- indicate the group's ownership. The Protection Server refuses to create or change the name of a group if the result does not
- accurately indicate the ownership.</P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can create prefix-less groups whose names do
- not have the first field that indicates ownership. For suggestions on using the two types of groups effectively, see <A
-HREF="c29323.html#HDRWQ545"
->Using Groups Effectively</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ63"
->Login and Authentication in AFS</A
-></H1
-><P
->As explained in <A
-HREF="c667.html#HDRWQ31"
->Differences in Authentication</A
->, AFS authentication is separate from UNIX
- authentication because the two file systems are separate. The separation has two practical implications: <UL
-><LI
-><P
->To access AFS files, users must both log into the local file system and authenticate with the AFS authentication
- service. (Logging into the local file system is necessary because the only way to access the AFS filespace is through a
- Cache Manager, which resides in the local machine's kernel.)</P
-></LI
-><LI
-><P
->Passwords are stored in two separate places: in the Authentication Database for AFS and in the each machine's local
- password file (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> file or equivalent) for the local file system.</P
-></LI
-></UL
-></P
-><P
->When a user successfully authenticates, the AFS authentication service passes a token to the user's Cache Manager. The
- token is a small collection of data that certifies that the user has correctly provided the password associated with a
- particular AFS identity. The Cache Manager presents the token to AFS server processes along with service requests, as proof that
- the user is genuine. To learn about the mutual authentication procedure they use to establish identity, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
->.</P
-><P
->The Cache Manager stores tokens in the user's credential structure in kernel memory. To distinguish one user's credential
- structure from another's, the Cache Manager identifies each one either by the user's UNIX UID or by a process authentication
- group (PAG), which is an identification number guaranteed to be unique in the cell. For further discussion, see <A
-HREF="c667.html#HDRWQ64"
->Identifying AFS Tokens by PAG</A
->.</P
-><P
->A user can have only one token per cell in each separately identified credential structure. To obtain a second token for
- the same cell, the user must either log into a different machine or obtain another credential structure with a different
- identifier than any existing credential structure, which is most easily accomplished by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pagsh</B
-></SPAN
-> command (see <A
-HREF="c667.html#HDRWQ64"
->Identifying AFS Tokens by PAG</A
->). In a single credential
- structure, a user can have one token for each of many cells at the same time. As this implies, authentication status on one
- machine or PAG is independent of authentication status on another machine or PAG, which can be very useful to a user or system
- administrator.</P
-><P
->The AFS distribution includes library files that enable each system type's login utility to authenticate users with AFS
- and log them into the local file system in one step. If you do not configure an AFS-modified login utility on a client machine,
- its users must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate with AFS after logging in.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The AFS-modified libraries do not necessarily support all features available in an operating system's proprietary login
- utility. In some cases, it is not possible to support a utility at all. For more information about the supported utilities in
- each AFS version, see the IBM AFS Release Notes.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ64"
->Identifying AFS Tokens by PAG</A
-></H2
-><P
->As noted, the Cache Manager identifies user credential structures either by UNIX UID or by PAG. Using a PAG is
- preferable because it guaranteed to be unique: the Cache Manager allocates it based on a counter that increments with each
- use. In contrast, multiple users on a machine can share or assume the same UNIX UID, which creates potential security
- problems. The following are two common such situations: <UL
-><LI
-><P
->The local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> can always assume any other user's UNIX UID simply by
- issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command, without providing the user's password. If the credential
- structure is associated with the user's UNIX UID, then assuming the UID means inheriting the AFS tokens.</P
-></LI
-><LI
-><P
->Two users working on different NFS client machines can have the same UNIX UID in their respective local file
- systems. If they both access the same NFS/AFS Translator machine, and the Cache Manager there identifies them by their
- UNIX UID, they become indistinguishable. To eliminate this problem, the Cache Manager on a translator machine
- automatically generates a PAG for each user and uses it, rather than the UNIX UID, to tell users apart.</P
-></LI
-></UL
-></P
-><P
->Yet another advantage of PAGs over UIDs is that processes spawned by the user inherit the PAG and so share the token;
- thus they gain access to AFS as the authenticated user. In many environments, for example, printer and other daemons run under
- identities (such as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->) that the AFS server processes recognize only as
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user. Unless PAGs are used, such daemons cannot access files for which the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group does not have the necessary ACL permissions.</P
-><P
->Once a user has a PAG, any new tokens the user obtains are associated with the PAG. The PAG expires two hours after any
- associated tokens expire or are discarded. If the user issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command before the PAG
- expires, the new token is associated with the existing PAG (the PAG is said to be recycled in this case).</P
-><P
->AFS-modified login utilities automatically generate a PAG, as described in the following section. If you use a standard
- login utility, your users must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pagsh</B
-></SPAN
-> command before the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command, or include the latter command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-> flag. For
- instructions, see <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->.</P
-><P
->Users can also use either command at any time to create a new PAG. The difference between the two commands is that the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command replaces the PAG associated with the current command shell and tokens. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pagsh</B
-></SPAN
-> command initializes a new command shell before creating a new PAG. If the user already
- had a PAG, any running processes or jobs continue to use the tokens associated with the old PAG whereas any new jobs or
- processes use the new PAG and its associated tokens. When you exit the new shell (by pressing <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-d</B
-></SPAN
->>, for example), you return to the original PAG and shell. By default, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pagsh</B
-></SPAN
-> command initializes a Bourne shell, but you can include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-c</B
-></SPAN
->
- argument to initialize a C shell (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin/csh</B
-></SPAN
-> program on many system types) or Korn shell
- (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin/ksh</B
-></SPAN
-> program) instead.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ65"
->Using an AFS-modified login Utility</A
-></H2
-><P
->As previously mentioned, an AFS-modified login utility simultaneously obtains an AFS token and logs the user into the
- local file system. This section outlines the login and authentication process and its interaction with the value in the
- password field of the local password file.</P
-><P
->An AFS-modified login utility performs a sequence of steps similar to the following; details can vary for different
- operating systems: <OL
-TYPE="1"
-><LI
-><P
->It checks the user's entry in the local password file (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> file or
- equivalent).</P
-></LI
-><LI
-><P
->If no entry exists, or if an asterisk (<SAMP
-CLASS="computeroutput"
->*</SAMP
->) appears in the entry's password field,
- the login attempt fails. If the entry exists, the attempt proceeds to the next step.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ66"
-></A
->The utility obtains a PAG.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ67"
-></A
->The utility converts the password provided by the user into an encryption key and encrypts a
- packet of data with the key. It sends the packet to the AFS authentication service (the AFS Authentication Server in the
- conventional configuration).</P
-></LI
-><LI
-><P
->The authentication service decrypts the packet and, depending on the success of the decryption, judges the
- password to be correct or incorrect. (For more details, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual
- Authentication</A
->.) <UL
-><LI
-><P
->If the authentication service judges the password incorrect, the user does not receive an AFS token. The PAG
- is retained, ready to be associated with any tokens obtained later. The attempt proceeds to Step <A
-HREF="c667.html#LIWQ68"
->6</A
->.</P
-></LI
-><LI
-><P
->If the authentication service judges the password correct, it issues a token to the user as proof of AFS
- authentication. The login utility logs the user into the local UNIX file system. Some login utilities echo the
- following banner to the screen to alert the user to authentication with AFS. Step <A
-HREF="c667.html#LIWQ68"
->6</A
->
- is skipped. <PRE
-CLASS="programlisting"
-> AFS(R) version Login
-</PRE
-></P
-></LI
-></UL
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ68"
-></A
->If no AFS token was granted in Step <A
-HREF="c667.html#LIWQ67"
->4</A
->, the login utility
- attempts to log the user into the local file system, by comparing the password provided to the local password file.
- <UL
-><LI
-><P
->If the password is incorrect or any value other than an encrypted 13-character string appears in the
- password field, the login attempt fails.</P
-></LI
-><LI
-><P
->If the password is correct, the user is logged into the local file system only.</P
-></LI
-></UL
-></P
-></LI
-></OL
-></P
-><P
->As indicated, when you use an AFS-modified login utility, the password field in the local password file is no longer the
- primary gate for access to your system. If the user provides the correct AFS password, then the program never consults the
- local password file. However, you can still use the password field to control access, in the following way: <UL
-><LI
-><P
->To prevent both local login and AFS authentication, place an asterisk (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
->) in the
- field. This is useful mainly in emergencies, when you want to prevent a certain user from logging into the
- machine.</P
-></LI
-><LI
-><P
->To prevent login to the local file system if the user does not provide the correct AFS password, place a character
- string of any length other than the standard thirteen characters in the field. This is appropriate if you want to permit
- only people with local AFS accounts to login on your machines. A single <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->X</B
-></SPAN
-> or other
- character is the most easily recognizable way to do this.</P
-></LI
-><LI
-><P
->To enable a user to log into the local file system even after providing an incorrect AFS password, record a
- standard UNIX encrypted password in the field by issuing the standard UNIX password-setting command (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> or equivalent).</P
-></LI
-></UL
-></P
-><P
->Systems that use a Pluggable Authentication Module (PAM) for login and AFS authentication do not necessarily consult the
- local password file at all, in which case they do not use the password field to control authentication and login attempts.
- Instead, instructions in the PAM configuration file (on many system types, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/pam.conf</B
-></SPAN
->)
- fill the same function. See the instructions in the IBM AFS Quick Beginnings for installing AFS-modified login
- utilities.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ69"
->Using Two-Step Login and Authentication</A
-></H2
-><P
->In cells that do not use an AFS-modified login utility, users must issue separate commands to login and authenticate, as
- detailed in the IBM AFS User Guide: <OL
-TYPE="1"
-><LI
-><P
->They use the standard <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->login</B
-></SPAN
-> program to login to the local file system, providing
- the password listed in the local password file (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> file or
- equivalent).</P
-></LI
-><LI
-><P
->They must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate with the AFS authentication
- service, including its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-> flag to associate the new tokens with a process
- authentication group (PAG).</P
-></LI
-></OL
-></P
-><P
->As mentioned in <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->, you can invoke the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog -setpag</B
-></SPAN
-> command in a user's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> file (or equivalent) so that
- the user does not have to remember to issue the command after logging in. The user still must type a password twice, once at
- the prompt generated by the login utility and once at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command's prompt. This implies
- that the two passwords can differ, but it is less confusing if they do not.</P
-><P
->Another effect of not using an AFS-modified login utility is that the AFS servers recognize the standard <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->login</B
-></SPAN
-> program as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->login</B
-></SPAN
-> program needs to access any AFS files (such as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.login</B
-></SPAN
-> file
- in a user's home directory), then the ACL that protects the file must include an entry granting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group.</P
-><P
->When you do not use an AFS-modified login utility, an actual (scrambled) password must appear in the local password file
- for each user. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin/passwd</B
-></SPAN
-> file to insert or change these passwords. It is simpler if
- the password in the local password file matches the AFS password, but it is not required.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_81"
->Obtaining, Displaying, and Discarding Tokens</A
-></H2
-><P
->Once logged in, a user can obtain a token at any time with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command. If a valid
- token already exists, the new one overwrites it. If a PAG already exists, the new token is associated with it.</P
-><P
->By default, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command authenticates the issuer using the identity currently
- logged in to the local file system. To authenticate as a different identity, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-principal</B
-></SPAN
-> argument. To obtain a token for a foreign cell, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument (it can be combined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-principal</B
-></SPAN
-> argument). See
- the IBM AFS User Guide and the entry for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command in the IBM AFS Administration
- Reference.</P
-><P
->To discard either all tokens or the token for a particular cell, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
->
- command. The command affects only the tokens associated with the current command shell. See the IBM AFS User Guideand the
- entry for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command in the IBM AFS Administration Reference.</P
-><P
->To display the tokens associated with the current command shell, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- command. The following examples illustrate its output in various situations.</P
-><P
->If the issuer is not authenticated in any cell:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- --End of list--
-</PRE
-><P
->The following shows the output for a user with AFS UID 1000 in the ABC Corporation cell:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00]
- --End of list--
-</PRE
-><P
->The following shows the output for a user who is authenticated in ABC Corporation cell, the State University cell and
- the DEF Company cell. The user has different AFS UIDs in the three cells. Tokens for the last cell are expired:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00]
- User's (AFS ID 4286) tokens for afs@stateu.edu [Expires Jun 3 1:34]
- User's (AFS ID 22) tokens for afs@def.com [>>Expired<<]
- --End of list--
-</PRE
-><P
->The Kerberos version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens.krb</B
-></SPAN
-> command), also reports information on the ticket-granting ticket, including the ticket's
- owner, the ticket-granting service, and the expiration date, as in the following example. Also see <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens.krb</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 1000) tokens for afs@abc.com [Expires Jun 2 10:00]
- User smith's tokens for krbtgt.ABC.COM@abc.com [Expires Jun 2 10:00]
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_82"
->Setting Default Token Lifetimes for Users</A
-></H2
-><P
->The maximum lifetime of a user token is the smallest of the ticket lifetimes recorded in the following three
- Authentication Database entries. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command reports the lifetime as
- <SAMP
-CLASS="computeroutput"
->Max ticket lifetime</SAMP
->. Administrators who have the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag
- on their Authentication Database entry can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-lifetime</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
-> command to set an entry's ticket lifetime. <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
-> entry, which corresponds to the AFS server processes. The default is 100
- hours.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->krbtgt</B
-></SPAN
->.cellname entry, which corresponds to the ticket-granting ticket used
- internally in generating the token. The default is 720 hours (30 days).</P
-></LI
-><LI
-><P
->The entry for the user of the AFS-modified login utility or issuer of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- command. The default is 25 hours for user entries created using the AFS 3.1 or later version of the Authentication
- Server, and 100 hours for user entries created using the AFS 3.0 version of the Authentication Server. A user can use
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to display his or her own Authentication Database entry.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->An AFS-modified login utility always grants a token with a lifetime calculated from the previously described three
- values. When issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command, a user can request a lifetime shorter than the
- default by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-lifetime</B
-></SPAN
-> argument. For further information, see the IBM AFS User
- Guide and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> reference page in the IBM AFS Administration Reference.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_83"
->Changing Passwords</A
-></H2
-><P
->Regular AFS users can change their own passwords by using either the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command. The commands prompt for the current password and then twice for the
- new password, to screen out typing errors.</P
-><P
->Administrators who have the <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on their Authentication Database entries can
- change any user's password, either by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command (which requires knowing the
- current password) or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setpassword</B
-></SPAN
-> command.</P
-><P
->If your cell does not use an AFS-modified login utility, remember also to change the local password, using the operating
- system's password-changing command. For more instructions on changing passwords, see <A
-HREF="c27596.html#HDRWQ516"
->Changing AFS
- Passwords</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
-></H2
-><P
->You can help to make your cell more secure by imposing restrictions on user passwords and authentication attempts. To
- impose the restrictions as you create an account, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> instruction in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->uss</B
-></SPAN
-> template file as described in <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A
- Instruction</A
->. To set or change the values on an existing account, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas setfields</B
-></SPAN
->
- command as described in <A
-HREF="c27596.html#HDRWQ515"
->Improving Password and Authentication Security</A
->.</P
-><P
->By default, AFS passwords never expire. Limiting password lifetime can help improve security by decreasing the time the
- password is subject to cracking attempts. You can choose an lifetime from 1 to 254 days after the password was last changed.
- It automatically applies to each new password as it is set. When the user changes passwords, you can also insist that the new
- password is not similar to any of the 20 passwords previously used.</P
-><P
->Unscrupulous users can try to gain access to your AFS cell by guessing an authorized user's password. To protect against
- this type of attack, you can limit the number of times that a user can consecutively fail to provide the correct password.
- When the limit is exceeded, the authentication service refuses further authentication attempts for a specified period of time
- (the lockout time). To reenable authentication attempts before the lockout time expires, an administrator must issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas unlock</B
-></SPAN
-> command.</P
-><P
->In addition to settings on user's authentication accounts, you can improve security by automatically checking the
- quality of new user passwords. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- setpassword</B
-></SPAN
-> commands pass the proposed password to a program or script called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
->, if it exists. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> performs quality checks and
- returns a code to indicate whether the password is acceptable. You can create your own program or modified the sample program
- included in the AFS distribution. See the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpwvalid</B
-></SPAN
-> reference page in the IBM AFS
- Administration Reference.</P
-><P
->There are several types of quality checks that can improve password quality. <UL
-><LI
-><P
->The password is a minimum length</P
-></LI
-><LI
-><P
->The password is not a word</P
-></LI
-><LI
-><P
->The password contains both numbers and letters</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ70"
->Support for Kerberos Authentication</A
-></H2
-><P
->If your site is using standard Kerberos authentication rather than the AFS Authentication Server, use the modified
- versions of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pagsh</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> commands that support Kerberos authentication. The binaries for the modified version of these
- commands have the same name as the standard binaries with the addition of a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.krb</B
-></SPAN
->
- extension.</P
-><P
->Use either the Kerberos version or the standard command throughout the cell; do not mix the two versions. AFS Product
- Support can provide instructions on installing the Kerberos version of these four commands. For information on the differences
- between the two versions of these commands, see the IBM AFS Administration Reference.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ71"
->Security and Authorization in AFS</A
-></H1
-><P
->AFS incorporates several features to ensure that only authorized users gain access to data. This section summarizes the
- most important of them and suggests methods for improving security in your cell.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ72"
->Some Important Security Features</A
-></H2
-><DIV
-CLASS="formalpara"
-><P
-><B
->ACLs on Directories: </B
->Files in AFS are protected by the access control list (ACL) associated with their parent directory. The ACL defines
- which users or groups can access the data in the directory, and in what way. See <A
-HREF="c31274.html"
->Managing Access
- Control Lists</A
->.</P
-></DIV
-><DIV
-CLASS="formalpara"
-><P
-><B
->Mutual Authentication Between Client and Server: </B
->When an AFS client and server process communicate, each requires the other to prove its identity during mutual
- authentication, which involves the exchange of encrypted information that only valid parties can decrypt and respond to. For
- a detailed description of the mutual authentication process, see <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual
- Authentication</A
->.</P
-></DIV
-><P
->AFS server processes mutually authenticate both with one another and with processes that represent human users. After
- mutual authentication is complete, the server and client have established an authenticated connection, across which they can
- communicate repeatedly without having to authenticate again until the connection expires or one of the parties closes it.
- Authenticated connections have varying lifetimes.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->Tokens: </B
->In order to access AFS files, users must prove their identities to the AFS authentication service by providing the
- correct AFS password. If the password is correct, the authentication service sends the user a token as evidence of
- authenticated status. See <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->.</P
-></DIV
-><P
->Servers assign the user identity <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> to users and processes that do not have a
- valid token. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> identity has only the access granted to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on ACLs.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->Authorization Checking: </B
->Mutual authentication establishes that two parties communicating with one another are actually who they claim to be.
- For many functions, AFS server processes also check that the client whose identity they have verified is also authorized to
- make the request. Different requests require different kinds of privilege. See <A
-HREF="c667.html#HDRWQ73"
->Three Types of
- Privilege</A
->.</P
-></DIV
-><DIV
-CLASS="formalpara"
-><P
-><B
->Encrypted Network Communications: </B
->The AFS server processes encrypt particularly sensitive information before sending it back to clients. Even if an
- unauthorized party is able to eavesdrop on an authenticated connection, they cannot decipher encrypted data without the
- proper key.</P
-></DIV
-><P
->The following AFS commands encrypt data because they involve server encryption keys and passwords: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos addkey</B
-></SPAN
-> command, which adds a server encryption key to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listkeys</B
-></SPAN
-> command, which lists the server encryption keys from the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/KeyFile</B
-></SPAN
-> file</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command, which changes a password in the Authentication
- Database</P
-></LI
-><LI
-><P
->Most commands in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command suite</P
-></LI
-></UL
-></P
-><P
->In addition, the United States edition of the Update Server encrypts sensitive information (such as the contents of
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->KeyFile</B
-></SPAN
->) when distributing it. Other commands in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
->
- suite and the commands in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> suites do not encrypt data before transmitting it.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ73"
->Three Types of Privilege</A
-></H2
-><P
->AFS uses three separate types of privilege for the reasons discussed in <A
-HREF="c32432.html#HDRWQ585"
->The Reason for Separate
- Privileges</A
->. <UL
-><LI
-><P
->Membership in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. Members are entitled to issue any
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> command and those <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands that set volume
- quota. By default, they also implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->)
- permissions on every ACL in the file tree even if the ACL does not include an entry for them.</P
-></LI
-><LI
-><P
->The <SAMP
-CLASS="computeroutput"
->ADMIN</SAMP
-> flag on the Authentication Database entry. An administrator with this
- flag can issue any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->Inclusion in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. An administrator whose username
- appears in this file can issue any <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
->, or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> command (although some <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-> commands require
- additional privilege as described in <A
-HREF="c12776.html#HDRWQ260"
->Granting Administrative Privilege to Backup
- Operators</A
->).</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_89"
->Authorization Checking versus Authentication</A
-></H2
-><P
->AFS distinguishes between authentication and authorization checking. Authentication refers to the process of proving
- identity. Authorization checking refers to the process of verifying that an authenticated identity is allowed to perform a
- certain action.</P
-><P
->AFS implements authentication at the level of connections. Each time two parties establish a new connection, they
- mutually authenticate. In general, each issue of an AFS command establishes a new connection between AFS server process and
- client.</P
-><P
->AFS implements authorization checking at the level of server machines. If authorization checking is enabled on a server
- machine, then all of the server processes running on it provide services only to authorized users. If authorization checking
- is disabled on a server machine, then all of the server processes perform any action for anyone. Obviously, disabling
- authorization checking is an extreme security exposure. For more information, see <A
-HREF="c3025.html#HDRWQ123"
->Managing
- Authentication and Authorization Requirements</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ74"
->Improving Security in Your Cell</A
-></H2
-><P
->You can improve the level of security in your cell by configuring user accounts, server machines, and system
- administrator accounts in the indicated way.</P
-><DIV
-CLASS="formalpara"
-><P
-><B
->User Accounts: </B
-><UL
-><LI
-><P
->Use an AFS-modified login utility, or include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command, to associate the credential structure that houses tokens with a PAG rather than a
- UNIX UID. This prevents users from inheriting someone else's tokens by assuming their UNIX identity. For further
- discussion, see <A
-HREF="c667.html#HDRWQ64"
->Identifying AFS Tokens by PAG</A
->.</P
-></LI
-><LI
-><P
->Encourage users to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to destroy their tokens before
- logging out. This forestalls attempts to access tokens left behind kernel memory. Consider including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command in every user's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.logout</B
-></SPAN
-> file or
- equivalent.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="formalpara"
-><P
-><B
->Server Machines: </B
-><UL
-><LI
-><P
->Disable authorization checking only in emergencies or for very brief periods of time. It is best to work at the
- console of the affected machine during this time, to prevent anyone else from accessing the machine through the
- keyboard.</P
-></LI
-><LI
-><P
->Change the AFS server encryption key on a frequent and regular schedule. Make it difficult to guess (a long
- string including nonalphabetic characters, for instance). Unlike user passwords, the password from which the AFS key
- is derived can be longer than eight characters, because it is never used during login. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- setpassword</B
-></SPAN
-> command accepts a password hundreds of characters long. For instructions, see <A
-HREF="c20494.html"
->Managing Server Encryption Keys</A
->.</P
-></LI
-><LI
-><P
->As much as possible, limit the number of people who can login at a server machine's console or remotely.
- Imposing this limit is an extra security precaution rather than a necessity. The machine cannot serve as an AFS client
- in this case.</P
-></LI
-><LI
-><P
->Particularly limit access to the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> account on a server
- machine. The local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> has free access to important administrative
- subdirectories of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs</B
-></SPAN
-> directory, as described in <A
-HREF="c667.html#HDRWQ53"
->AFS
- Files on the Local Disk</A
->.</P
-></LI
-><LI
-><P
->As in any computing environment, server machines must be located in a secured area. Any other security measures
- are effectively worthless if unauthorized people can access the computer hardware.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="formalpara"
-><P
-><B
->System Administrators: </B
-><UL
-><LI
-><P
->Limit the number of system administrators in your cell. Limit the use of system administrator accounts on
- publicly accessible workstations. Such machines are not secure, so unscrupulous users can install programs that try to
- steal tokens or passwords. If administrators must use publicly accessible workstations at times, they must issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command before leaving the machine.</P
-></LI
-><LI
-><P
->Create an administrative account for each administrator separate from the personal account, and assign AFS
- privileges only to the administrative account. The administrators must authenticate to the administrative accounts to
- perform duties that require privilege, which provides a useful audit trail as well.</P
-></LI
-><LI
-><P
->Administrators must not leave a machine unattended while they have valid tokens. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command before leaving.</P
-></LI
-><LI
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-lifetime</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- setfields</B
-></SPAN
-> command to set the token lifetime for administrative accounts to a fairly short amount of time.
- The default lifetime for AFS tokens is 25 hours, but 30 or 60 minutes is possibly a more reasonable lifetime for
- administrative tokens. The tokens for administrators who initiate AFS Backup System operations must last somewhat
- longer, because it can take several hours to complete some dump operations, depending on the speed of the tape device
- and the network connecting it to the file server machines that house the volumes is it accessing.</P
-></LI
-><LI
-><P
->Limit administrators' use of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> program. It sends unencrypted passwords
- across the network. Similarly, limit use of other remote programs such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rsh</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
->, which send unencrypted tokens across the network.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
-></H2
-><P
->As in any file system, security is a prime concern in AFS. A file system that makes file sharing easy is not useful if
- it makes file sharing mandatory, so AFS incorporates several features that prevent unauthorized users from accessing data.
- Security in a networked environment is difficult because almost all procedures require transmission of information across
- wires that almost anyone can tap into. Also, many machines on networks are powerful enough that unscrupulous users can monitor
- transactions or even intercept transmissions and fake the identity of one of the participants.</P
-><P
->The most effective precaution against eavesdropping and information theft or fakery is for servers and clients to accept
- the claimed identity of the other party only with sufficient proof. In other words, the nature of the network forces all
- parties on the network to assume that the other party in a transaction is not genuine until proven so. Mutual authentication
- is the means through which parties prove their genuineness.</P
-><P
->Because the measures needed to prevent fakery must be quite sophisticated, the implementation of mutual authentication
- procedures is complex. The underlying concept is simple, however: parties prove their identities by demonstrating knowledge of
- a shared secret. A shared secret is a piece of information known only to the parties who are mutually authenticating (they can
- sometimes learn it in the first place from a trusted third party or some other source). The party who originates the
- transaction presents the shared secret and refuses to accept the other party as valid until it shows that it knows the secret
- too.</P
-><P
->The most common form of shared secret in AFS transactions is the encryption key, also referred to simply as a key. The
- two parties use their shared key to encrypt the packets of information they send and to decrypt the ones they receive.
- Encryption using keys actually serves two related purposes. First, it protects messages as they cross the network, preventing
- anyone who does not know the key from eavesdropping. Second, ability to encrypt and decrypt messages successfully indicates
- that the parties are using the key (it is their shared secret). If they are using different keys, messages remain scrambled
- and unintelligible after decryption.</P
-><P
->The following sections describe AFS's mutual authentication procedures in more detail. Feel free to skip these sections
- if you are not interested in the mutual authentication process.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_92"
->Simple Mutual Authentication</A
-></H3
-><P
->Simple mutual authentication involves only one encryption key and two parties, generally a client and server. The
- client contacts the server by sending a challenge message encrypted with a key known only to the two of them. The server
- decrypts the message using its key, which is the same as the client's if they really do share the same secret. The server
- responds to the challenge and uses its key to encrypt its response. The client uses its key to decrypt the server's
- response, and if it is correct, then the client can be sure that the server is genuine: only someone who knows the same key
- as the client can decrypt the challenge and answer it correctly. On its side, the server concludes that the client is
- genuine because the challenge message made sense when the server decrypted it.</P
-><P
->AFS uses simple mutual authentication to verify user identities during the first part of the login procedure. In that
- case, the key is based on the user's password.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ76"
->Complex Mutual Authentication</A
-></H3
-><P
->Complex mutual authentication involves three encryption keys and three parties. All secure AFS transactions (except
- the first part of the login process) employ complex mutual authentication.</P
-><P
->When a client wishes to communicate with a server, it first contacts a third party called a ticket-granter. The
- ticket-granter and the client mutually authenticate using the simple procedure. When they finish, the ticket-granter gives
- the client a server ticket (or simply ticket) as proof that it (the ticket-granter) has preverified the identity of the
- client. The ticket-granter encrypts the ticket with the first of the three keys, called the server encryption key because it
- is known only to the ticket-granter and the server the client wants to contact. The client does not know this key.</P
-><P
->The ticket-granter sends several other pieces of information along with the ticket. They enable the client to use the
- ticket effectively despite being unable to decrypt the ticket itself. Along with the ticket, the items constitute a token:
- <UL
-><LI
-><P
->A session key, which is the second encryption key involved in mutual authentication. The ticket-granter invents
- the session key at random as the shared secret between client and server. For reasons explained further below, the
- ticket-granter also puts a copy of the session key inside the ticket. The client and server use the session key to
- encrypt messages they send to one another during their transactions. The ticket-granter invents a different session
- key for each connection between a client and a server (there can be several transactions during a single
- connection).</P
-></LI
-><LI
-><P
->The name of the server for which the ticket is valid (and so which server encryption key encrypts the ticket
- itself).</P
-></LI
-><LI
-><P
->A ticket lifetime indicator. The default lifetime of AFS server tickets is 100 hours. If the client wants to
- contact the server again after the ticket expires, it must contact the ticket-granter to get a new ticket.</P
-></LI
-></UL
-></P
-><P
->The ticket-granter seals the entire token with the third key involved in complex mutual authentication--the key known
- only to it (the ticket-granter) and the client. In some cases, this third key is derived from the password of the human user
- whom the client represents.</P
-><P
->Now that the client has a valid server ticket, it is ready to contact the server. It sends the server two things:
- <UL
-><LI
-><P
->The server ticket. This is encrypted with the server encryption key.</P
-></LI
-><LI
-><P
->Its request message, encrypted with the session key. Encrypting the message protects it as it crosses the
- network, since only the server/client pair for whom the ticket-granter invented the session key know it.</P
-></LI
-></UL
-></P
-><P
->At this point, the server does not know the session key, because the ticket-granter just created it. However, the
- ticket-granter put a copy of the session key inside the ticket. The server uses the server encryption key to decrypts the
- ticket and learns the session key. It then uses the session key to decrypt the client's request message. It generates a
- response and sends it to the client. It encrypts the response with the session key to protect it as it crosses the
- network.</P
-><P
->This step is the heart of mutual authentication between client and server, because it proves to both parties that they
- know the same secret: <UL
-><LI
-><P
->The server concludes that the client is authorized to make a request because the request message makes sense
- when the server decrypts it using the session key. If the client uses a different session key than the one the server
- finds inside the ticket, then the request message remains unintelligible even after decryption. The two copies of the
- session key (the one inside the ticket and the one the client used) can only be the same if they both came from the
- ticket-granter. The client cannot fake knowledge of the session key because it cannot look inside the ticket, sealed
- as it is with the server encryption key known only to the server and the ticket-granter. The server trusts the
- ticket-granter to give tokens only to clients with whom it (the ticket-granter) has authenticated, so the server
- decides the client is legitimate.</P
-><P
->(Note that there is no direct communication between the ticket-granter and the server, even though their
- relationship is central to ticket-based mutual authentication. They interact only indirectly, via the client's
- possession of a ticket sealed with their shared secret.)</P
-></LI
-><LI
-><P
->The client concludes that the server is genuine and trusts the response it gets back from the server, because
- the response makes sense after the client decrypts it using the session key. This indicates that the server encrypted
- the response with the same session key as the client knows. The only way for the server to learn that matching session
- key is to decrypt the ticket first. The server can only decrypt the ticket because it shares the secret of the server
- encryption key with the ticket-granter. The client trusts the ticket-granter to give out tickets only for legitimate
- servers, so the client accepts a server that can decrypt the ticket as genuine, and accepts its response.</P
-></LI
-></UL
-></P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ77"
->Backing Up AFS Data</A
-></H1
-><P
->AFS provides two related facilities that help the administrator back up AFS data: backup volumes and the AFS Backup
- System.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_95"
->Backup Volumes</A
-></H2
-><P
->The first facility is the backup volume, which you create by cloning a read/write volume. The backup volume is read-only
- and so preserves the state of the read/write volume at the time the clone is made.</P
-><P
->Backup volumes can ease administration if you mount them in the file system and make their contents available to users.
- For example, it often makes sense to mount the backup version of each user volume as a subdirectory of the user's home
- directory. A conventional name for this mount point is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->OldFiles</B
-></SPAN
->. Create a new version of the
- backup volume (that is, reclone the read/write) once a day to capture any changes that were made since the previous backup. If
- a user accidentally removes or changes data, the user can restore it from the backup volume, rather than having to ask you to
- restore it.</P
-><P
->The IBM AFS User Guide does not mention backup volumes, so regular users do not know about them if you decide not to use
- them. This implies that if you <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->do</B
-></SPAN
-> make backup versions of user volumes, you need to tell your
- users about how the backup works and where you have mounted it.</P
-><P
->Users are often concerned that the data in a backup volume counts against their volume quota and some of them even want
- to remove the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->OldFiles</B
-></SPAN
-> mount point. It does not, because the backup volume is a separate
- volume. The only amount of space it uses in the user's volume is the amount needed for the mount point, which is about the
- same as the amount needed for a standard directory element.</P
-><P
->Backup volumes are discussed in detail in <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_96"
->The AFS Backup System</A
-></H2
-><P
->Backup volumes can reduce restoration requests, but they reside on disk and so do not protect data from loss due to
- hardware failure. Like any file system, AFS is vulnerable to this sort of data loss.</P
-><P
->To protect your cell's users from permanent loss of data, you are strongly urged to back up your file system to tape on
- a regular and frequent schedule. The AFS Backup System is available to ease the administration and performance of backups. For
- detailed information about the AFS Backup System, see <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-> and
- <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ78"
->Using UNIX Remote Services in the AFS Environment</A
-></H1
-><P
->The AFS distribution includes modified versions of several standard UNIX commands, daemons and programs that provide
- remote services, including the following: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ftpd</B
-></SPAN
-> program</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->inetd</B
-></SPAN
-> daemon</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
-> program</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlogind</B
-></SPAN
-> daemon</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rsh</B
-></SPAN
-> command</P
-></LI
-></UL
-></P
-><P
->These modifications enable the commands to handle AFS authentication information (tokens). This enables issuers to be
- recognized on the remote machine as an authenticated AFS user.</P
-><P
->Replacing the standard versions of these programs in your file tree with the AFS-modified versions is optional. It is
- likely that AFS's transparent access reduces the need for some of the programs anyway, especially those involved in transferring
- files from machine to machine, like the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ftpd</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
->
- programs.</P
-><P
->If you decide to use the AFS versions of these commands, be aware that several of them are interdependent. For example,
- the passing of AFS authentication information works correctly with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
-> command only if you
- are using the AFS version of both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->inetd</B
-></SPAN
->
- commands.</P
-><P
->The conventional installation location for the modified remote commands are the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/bin</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afsws/etc</B
-></SPAN
-> directories. To learn more about
- commands' functionality, see their reference pages in the IBM AFS Administration Reference.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ79"
->Accessing AFS through NFS</A
-></H1
-><P
->Users of NFS client machines can access the AFS filespace by mounting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory
- of an AFS client machine that is running the NFS/AFS Translator. This is a particular advantage in cells already running NFS who
- want to access AFS using client machines for which AFS is not available. See <A
-HREF="a33047.html"
->Appendix A, Managing the
- NFS/AFS Translator</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c130.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->An Overview of AFS Administration</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p128.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Managing File Server Machines</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing Volumes</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="UP"
-TITLE="Managing File Server Machines"
-HREF="p3023.html"><LINK
-REL="PREVIOUS"
-TITLE="Monitoring and Controlling Server Processes"
-HREF="c6449.html"><LINK
-REL="NEXT"
-TITLE="Configuring the AFS Backup System"
-HREF="c12776.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c6449.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c12776.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ174"
-></A
->Chapter 5. Managing Volumes</H1
-><P
->This chapter explains how to manage the volumes stored on file server machines. The volume is the designated unit of
- administration in AFS, so managing them is a large part of the administrator's duties.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ175"
->Summary of Instructions</A
-></H1
-><P
->This chapter explains how to perform the following tasks by using the indicated commands:</P
-><DIV
-CLASS="informaltable"
-><A
-NAME="AEN8426"
-></A
-><TABLE
-BORDER="0"
-FRAME="void"
-CLASS="CALSTABLE"
-><COL
-WIDTH="58*"><COL
-WIDTH="42*"><TBODY
-><TR
-><TD
->Create read/write volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create read-only volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->and</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create backup volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create many backup volumes at once</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine VLDB entry</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine volume header</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Examine both VLDB entry and volume header</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display volume's name</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display volume's ID number</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- examine</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display partition's size and space available</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display volume's location</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Create mount point</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove mount point</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display mount point</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Move read/write volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Synchronize VLDB with volume headers</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->and</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- syncserv</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Set volume quota</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setquota</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display volume quota</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listquota</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display volume's current size</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->or</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- examine</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Display list of volumes on a machine/partition</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove read/write volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->and</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- rmmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove read-only volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove backup volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->and</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- rmmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove volume; no VLDB change</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos zap</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove read-only site definition</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remsite</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Remove VLDB entry; no volume change</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos delentry</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Dump volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Restore dumped volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Rename volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->and</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Unlock volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlock</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Unlock multiple volumes</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlockvldb</B
-></SPAN
-></TD
-></TR
-><TR
-><TD
->Lock volume</TD
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos lock</B
-></SPAN
-></TD
-></TR
-></TBODY
-></TABLE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ177"
->About Volumes</A
-></H1
-><P
->An AFS <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume</I
-></SPAN
-> is a logical unit of disk space that functions like a container for the files in an AFS
- directory, keeping them all together on one partition of a file server machine. To make a volume's contents visible in the
- cell's file tree and accessible to users, you mount the volume at a directory location in the AFS filespace. The association
- between the volume and its location in the filespace is called a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mount point</I
-></SPAN
->, and because of AFS's internal
- workings it looks and acts just like a standard directory element. Users can access and manipulate a volume's contents in the
- same way they access and manipulate the contents of a standard UNIX directory. For more on the relationship between volumes and
- directories, see <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->.</P
-><P
->Many of an administrator's daily activities involve manipulating volumes, since they are the basic storage and
- administrative unit of AFS. For a discussion of some of the ways volumes can make your job easier, see <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS Efficiency</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ178"
->The Three Types of Volumes</A
-></H2
-><P
->There are three types of volumes in AFS, as described in the following list: <UL
-><LI
-><P
->The single <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read/write</I
-></SPAN
-> version of a volume houses the modifiable versions of the files and
- directories in that volume. It is often referred to as the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read/write</I
-></SPAN
-> source because volumes of the
- other two types are derived from it by a copying procedure called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cloning</I
-></SPAN
->. For instructions on
- creating read/write volumes, see <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read-only</I
-></SPAN
-> volume is a copy of the read/write source volume and can exist at multiple
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->sites</I
-></SPAN
-> (a site is a particular partition on a particular file server machine). Placing the same data
- at more than one site is called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->replication</I
-></SPAN
->; see <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS
- Efficiency</A
->. As the name suggests, a read-only volume's contents do not change automatically as the read/write
- source changes, but only when an administrator issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command. For
- users to have a consistent view of the AFS filespace, all copies of the read-only volume must match each other and their
- read/write source. All read-only volumes share the same name, which is derived by adding the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension to the read/write source's name. For instructions on creating of read-only
- volumes, see <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->.</P
-></LI
-><LI
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->backup</I
-></SPAN
-> volume is a clone of the read/write source volume and is stored at the same site as
- the source. A backup version is useful because it records the state of the read/write source at a certain time, allowing
- recovery of data that is later mistakenly changed or deleted (for further discussion see <A
-HREF="c8420.html#HDRWQ179"
->How
- Volumes Improve AFS Efficiency</A
->). A backup volume's name is derived by adding the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension to the read/write source's name. For instructions on creating of backup
- volumes, see <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->A backup volume is not the same as the backup of a volume transferred to tape using the AFS Backup System,
- although making a backup version of a volume is usually a stage in the process of backing up the volume to tape. For
- information on backing up a volume using the AFS Backup System, see <A
-HREF="c15383.html#HDRWQ296"
->Backing Up
- Data</A
->.</P
-></BLOCKQUOTE
-></DIV
-></LI
-></UL
-></P
-><P
->As noted, the three types of volumes are related to one another: read-only and backup volumes are both derived from a
- read/write volume through a process called cloning. Read-only and backup volumes are exact copies of the read/write source at
- the time they are created.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ179"
->How Volumes Improve AFS Efficiency</A
-></H2
-><P
->Volumes make your cell easier to manage and more efficient in the following three ways: <UL
-><LI
-><P
->Volumes are easy to move between partitions, on the same or different machines, because they are by definition
- smaller than a partition. Perhaps the most common reasons to move volumes are to balance the load among file server
- machines or to take advantage of greater disk capacity on certain machines. You can move volumes as often as necessary
- without disrupting user access to their contents, because the move procedure makes the contents unavailable for only a
- few seconds. The automatic tracking of volume locations in the Volume Location Database (VLDB) assures that access
- remains transparent. For instructions on moving volumes, see <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->.</P
-></LI
-><LI
-><P
->Volumes are the unit of replication in AFS. <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Replication</I
-></SPAN
-> refers to creating a read-only clone
- from the read/write source and distributing of the clone to one or more sites. Replication improves system efficiency
- because more than one machine can fill requests for popular files. It also boosts system reliability by helping to keep
- data available in the face of machine or server process outage. In general, volumes containing popular application
- programs and other files that do not change often are the best candidates for replication, but you can replicate any
- read/write volume. See <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->.</P
-></LI
-><LI
-><P
->Volumes are the unit of backup in AFS, in two senses. You can create a backup volume version to preserves the
- state of a read/write source volume at a specified time. You can mount the backup version in the AFS filespace, enabling
- users to restore data they have accidentally changed or deleted without administrator assistance, which frees you for
- more important jobs. If you make a new backup version of user volumes once a day (presumably overwriting the former
- backup), then users are always be able to retrieve the previous day's version of a file. For instructions, see <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->.</P
-><P
->Backup also refers to using the AFS Backup System to store permanent copies of volume contents on tape or in a
- special backup data. See <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
->and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ180"
->Volume Information in the VLDB</A
-></H2
-><P
->The Volume Location Database (VLDB) includes entries for every volume in a cell. Perhaps the most important information
- in the entry is the volume's location, which is key to transparent access to AFS data. When a user opens a file, the Cache
- Manager consults the Volume Location (VL) Server, which maintains the VLDB, for a list of the file server machines that house
- the volume containing the file. The Cache Manager then requests the file from the File Server running on one of the relevant
- file server machines. The file location procedure is invisible to the user, who only needs to know the file's pathname.</P
-><P
->The VLDB volume entry for a read/write volume also contains the pertinent information about the read-only and backup
- versions, which do not have their own VLDB entries. (The rare exception is a read-only volume that has its own VLDB entry
- because its read/write source has been removed.) A volume's VLDB entry records the volume's name, the unique volume ID number
- for each version (read/write, read-only, backup, and releaseClone), a count of the number of sites that house a read/write or
- read-only version, and a list of the sites.</P
-><P
->To display the VLDB entry for one or more volumes, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command as
- described in <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->. To display the VLDB entry for a single volume along with
- its <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume header</I
-></SPAN
->, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ222"
->To display one volume's VLDB entry and volume header</A
->. (See the following section for a description
- of the volume header.)</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ181"
->The Information in Volume Headers</A
-></H2
-><P
->Whereas all versions of a volume share one VLDB entry, each volume on an AFS server partition has its own volume header,
- a data structure that maps the files and directories in the volume to physical memory addresses on the partition that stores
- them. The volume header binds the volume's contents into a logical unit without requiring that they be stored in contiguous
- memory blocks. The volume header also records the following information about the volume, some of it redundant with the VLDB
- entry: name, volume ID number, type, size, status (online, offline, or busy), space quota, timestamps for creation date and
- date of last modification, and number of accesses during the current day.</P
-><P
->To display the volume headers on one or more partitions, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> command as
- described in <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->. To display the VLDB entry for a single volume along
- with its volume header, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ222"
->To display one volume's VLDB entry and volume header</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
-></H2
-><P
->It is vital that the information in the VLDB correspond to the status of the actual volumes on the servers (as recorded
- in volume headers) as much of the time as possible. If a volume's location information in the VLDB is incorrect, the Cache
- Manager cannot find access its contents. Whenever you issue a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command that changes a
- volume's status, the Volume Server and VL Server cooperate to keep the volume header and VLDB synchronized. In rare cases, the
- header and VLDB can diverge, for instance because a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> operation halts prematurely. For
- instructions on resynchronizing them, see <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ183"
->About Mounting Volumes</A
-></H2
-><P
->To make a volume's contents visible in the cell's file tree and accessible to users, you mount the volume at a directory
- location in the AFS filespace. The association between the volume and its location in the filespace is called a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mount point</I
-></SPAN
->. An AFS mount point looks and functions like a regular UNIX file system directory, but
- structurally it is more like a symbolic link that tells the Cache Manager the name of the volume associated with the
- directory. A mount point looks and acts like a directory only because the Cache Manager knows how to interpret it.</P
-><P
->Consider the common case where the Cache Manager needs to retrieve a file requested by an application program. The Cache
- Manager traverses the file's complete pathname, starting at the AFS root (by convention mounted at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory) and continuing to the file. When the Cache Manager encounters (or
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->crosses</I
-></SPAN
->) a mount point during the traversal, it reads it to learn the name of the volume mounted at that
- directory location. After obtaining location information about the volume from the Volume Location (VL) Server, the Cache
- Manager fetches the indicated volume and opens its <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->root directory</I
-></SPAN
->. The root directory of a volume lists
- all the files, subdirectories, and mount points that reside in it. The Cache Manager scans the root directory listing for the
- next element in the pathname. It continues down the path, using this method to interpret any other mount points it encounters,
- until it reaches the volume that houses the requested file.</P
-><P
->Mount points act as the glue that connects the AFS file space, creating the illusion of a single, seamless file tree
- even when volumes reside on many different file server machines. A volume's contents are visible and accessible when the
- volume is mounted at a directory location, and are not accessible at all if the volume is not mounted.</P
-><P
->You can mount a volume at more than one location in the file tree, but this is not recommended for two reasons. First,
- it distorts the hierarchical nature of the filespace. Second, the Cache Manager can become confused about which pathname it
- followed to reach the file (causing unpredictable output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pwd</B
-></SPAN
-> command, for example).
- However, if you mount a volume at more than one directory, the access control list (ACL) associated with the volume's root
- directory applies to all of the mount points.</P
-><P
->There are several types of mount points, each of which the Cache Manager handles in a different way and each of which is
- appropriate for a different purpose. See <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ184"
->About Volume Names</A
-></H2
-><P
->A read/write volume's name can be up to 22 characters in length. The Volume Server automatically adds the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extensions to read-only and backup volumes
- respectively. Do not explicitly add the extensions to volume names, even if they are appropriate.</P
-><P
->It is conventional for a volume's name to indicate the type of data it houses. For example, it is conventional to name
- all user volumes <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
->.username where username is the user's login name. Similarly, many cells
- elect to put system binaries in volumes with names that begin with the system type code. For a list of other naming
- conventions, see <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ185"
->Creating Read/write Volumes</A
-></H1
-><P
->A read/write volume is the most basic type of volume, and must exist before you can create read-only or backup versions of
- it. When you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command to create a read/write volume, the VL Server creates
- a VLDB entry for it which records the name you specify, assigns a read/write volume ID number, and reserves the next two
- consecutive volume ID numbers for read-only and backup versions that possibly are to be created later. At the same time, the
- Volume Server creates a volume header at the site you designate, allocating space on disk to record the name of the volume's
- root directory. The name is filled in when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount the
- volume, and matches the mount point name. The following is also recorded in the volume header: <UL
-><LI
-><P
->An initial ACL associated with the volume's root directory. By default it grants all seven AFS access permissions to
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. After you mount the volume, you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to add other entries and to remove or change the entry for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. See <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->.</P
-></LI
-><LI
-><P
->A space quota, which limits the amount of disk space the read/write version of the volume can use on the file server
- partition. The default is of 5000 kilobyte blocks, but you can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> argument
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command to set a different quota.</P
-><P
->To change the quota after creation, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setquota</B
-></SPAN
-> command as described in
- <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_212"
->To create (and mount) a read/write volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on the ACL of the directory where you plan to mount the volume. If necessary,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->dir/file path</I
-></SPAN
->>]</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ186"
-></A
->Select a site (disk partition on a file server machine) for the new volume. To verify that
- the site has enough free space to house the volume (now, or if it grows to use its entire quota), issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-> command.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The partition-related statistics in this command's output do not always agree with the corresponding values in the
- output of the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->df</B
-></SPAN
-> command. The statistics reported by this command can be
- up to five minutes old, because the Cache Manager polls the File Server for partition information at that frequency.
- Also, on some operating systems, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->df</B
-></SPAN
-> command's report of partition size includes
- reserved space not included in this command's calculation, and so is likely to be about 10% larger.</P
-></BLOCKQUOTE
-></DIV
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->machine name</I
-></SPAN
->> [<<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->partition name</I
-></SPAN
->>]</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->p</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partinfo</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine for which to display partition size and usage.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names one partition for which to display partition size and usage. If you omit it, the output displays the
- size and space available for all partitions on the machine.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ187"
-></A
->Select a volume name, taking note of the information in <A
-HREF="c8420.html#HDRWQ184"
->About Volume
- Names</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ188"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command to create the volume.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->initial quota (KB)</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cr</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->create</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine on which to place the volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the disk partition on which to place the volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
-></DT
-><DD
-><P
->Names the volume. It can be up to 22 alphanumeric and punctuation characters in length. Your cell possibly
- has naming conventions for volumes, such as beginning user volume names with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
-> and using the period to separate parts of the name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-></DT
-><DD
-><P
->Sets the volume's quota, as a number of kilobyte blocks. If you omit this argument, the quota is set to 5000
- kilobyte blocks.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><A
-NAME="LIWQ189"
-></A
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount
- the volume in the filespace. For complete syntax, see <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount
- point</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->directory</I
-></SPAN
->> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volume name</I
-></SPAN
->></PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command to verify
- that the mount point refers to the correct volume. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ211"
->To display a
- mount point</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> <<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->directory</I
-></SPAN
->></PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> command with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-offlinemsg</B
-></SPAN
-> argument to record auxiliary information about the volume in its volume
- header. For example, you can record who owns the volume or where you have mounted it in the filespace. To display the
- information, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-offlinemsg </B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->offline message</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sv</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setvol</B
-></SPAN
->(and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setv</B
-></SPAN
->
- the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point of the volume with which to associate the message. Partial pathnames are interpreted
- relative to the current working directory.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to change
- a read-only volume. By convention, you indicate the read/write path by placing a period before the cell name at
- the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further discussion
- of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of
- Mount Point Traversal</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-offlinemsg</B
-></SPAN
-></DT
-><DD
-><P
->Specifies up to 128 characters of auxiliary information to record in the volume header.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ190"
->About Clones and Cloning</A
-></H1
-><P
->To create a backup or read-only volume, the Volume Server begins by <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cloning</I
-></SPAN
-> the read/write source
- volume to create a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->clone</I
-></SPAN
->. The Volume Server creates the clone automatically when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command (for a backup volume) or the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command (for a read-only volume). No special action is required on your
- part.</P
-><P
->A clone is not a copy of the data in the read/write source volume, but rather a copy of the read/write volume's
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->vnode index</I
-></SPAN
->. The vnode index is a table of pointers between the files and directories in the volume and the
- physical disk blocks on the partition where the data resides. From the clone, backup and read-only volumes are created in the
- following manner: <UL
-><LI
-><P
->A read-only volume that occupies the same partition as its read/write source (also known as a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read-only
- clone</I
-></SPAN
->), and a backup volume, are created by attaching a volume header to the clone. These volumes initially
- consume very little disk space, because the clone portion (the vnode index) points to exactly the same files as the
- read/write volume, as illustrated in <A
-HREF="c8420.html#FIGWQ191"
->Figure 1</A
->. The file sharing is possible only because
- the clone is on the same partition as the read/write source volume. When a file in the read/write volume is deleted, it is
- not actually removed from the partition, because the backup or read-only clone still points to it. Similarly, when a file
- in the read/write is changed, the entire original file is preserved on disk because the clone still points to it, and the
- read/write volume's vnode index changes to point to newly space for the changed file. When this happens, the backup or
- read-only volume is said to grow or start occupying actual disk space.</P
-></LI
-><LI
-><P
->A read-only volume that does not occupy the same site as the read/write source is a copy of the clone and of all of
- the data in the read/write source volume. It occupies the same amount of disk space as the read/write volume did at the
- time the read-only volume was created.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="figure"
-><A
-NAME="FIGWQ191"
-></A
-><DIV
-CLASS="mediaobject"
-><P
-><IMG
-SRC="vnode.png"></P
-></DIV
-><P
-><B
->Figure 1. File Sharing Between the Read/write Source and a Clone Volume</B
-></P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
-></H1
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Replication</I
-></SPAN
-> refers to creating a read-only copy of a read/write volume and distributing the copy to
- one or more additional file server machines. Replication makes a volume's contents accessible on more than one file server
- machine, which increases data availability. It can also increase system efficiency by reducing load on the network and File
- Server. Network load is reduced if a client machine's server preference ranks lead the Cache Manager to access the copy of a
- volume stored on the closest file server machine. Load on the File Server is reduced because it issues only one callback for all
- data fetched from a read-only volume, as opposed to a callback for each file fetched from a read/write volume. The single
- callback is sufficient for an entire read-only volume because the volume does not change except in response to administrator
- action, whereas each read/write file can change at any time.</P
-><P
->Replicating a volume requires issuing two commands. First, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> command to
- add one or more read-only site definitions to the volume's VLDB entry (a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->site</I
-></SPAN
-> is a particular partition on
- a file server machine). Then use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command to clone the read/write source volume
- and distribute the clone to the defined read-only sites. You issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> only once
- for each read-only site, but must reissue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command every time the read/write
- volume's contents change and you want to update the read-only volumes.</P
-><P
->For users to have a consistent view of the file system, the release of updated volume contents to read-only sites must be
- atomic: either all read-only sites receive the new version of the volume, or all sites keep the version they currently have. The
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command is designed to ensure that all copies of the volume's read-only version
- match both the read/write source and each other. In cases where problems such as machine or server process outages prevent
- successful completion of the release operation, AFS uses two mechanisms to alert you.</P
-><P
->First, the command interpreter generates an error message on the standard error stream naming each read-only site that did
- not receive the new volume version. Second, during the release operation the Volume Location (VL) Server marks site definitions
- in the VLDB entry with flags (<SAMP
-CLASS="computeroutput"
->New release</SAMP
-> and <SAMP
-CLASS="computeroutput"
->Old release</SAMP
->)
- that indicate whether or not the site has the new volume version. If any flags remain after the operation completes, it was not
- successful. The Cache Manager refuses to access a read-only site marked with the <SAMP
-CLASS="computeroutput"
->Old release</SAMP
->
- flag, which potentially imposes a greater load on the sites marked with the <SAMP
-CLASS="computeroutput"
->New release</SAMP
-> flag.
- It is important to investigate and eliminate the cause of the failure and then to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command as many times as necessary to complete the release without errors.</P
-><P
->The pattern of site flags remaining in the volume's VLDB entry after a failed release operation can help determine the
- point at which the operation failed. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- listvldb</B
-></SPAN
-> command to display the VLDB entry. The VL Server sets the flags in concert with the Volume Server's
- operations, as follows: <OL
-TYPE="1"
-><LI
-><P
->Before the operation begins, the VL Server sets the <SAMP
-CLASS="computeroutput"
->New release</SAMP
-> flag on the
- read/write site definition in the VLDB entry and the <SAMP
-CLASS="computeroutput"
->Old release</SAMP
-> flag on read-only site
- definitions (unless the read-only site has been defined since the last release operation and has no actual volume, in
- which case its site flag remains <SAMP
-CLASS="computeroutput"
->Not released</SAMP
->).</P
-></LI
-><LI
-><P
->If necessary, the Volume Server creates a temporary copy (a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->clone</I
-></SPAN
->) of the read/write source
- called the ReleaseClone (see the following discussion of when the Volume Server does or does not create a new
- ReleaseClone.) It assigns the ReleaseClone its own volume ID number, which the VL Server records in the
- <SAMP
-CLASS="computeroutput"
->RClone</SAMP
-> field of the source volume's VLDB entry.</P
-></LI
-><LI
-><P
->The Volume Server distributes a copy of the ReleaseClone to each read-only site defined in the VLDB entry. As the
- site successfully receives the new clone, the VL Server sets the site's flag in the VLDB entry to <SAMP
-CLASS="computeroutput"
->New
- release</SAMP
->.</P
-></LI
-><LI
-><P
->When all the read-only copies are successfully released, the VL Server clears all the <SAMP
-CLASS="computeroutput"
->New
- release</SAMP
-> site flags. The ReleaseClone is no longer needed, so the Volume Server deletes it and the VL
- Server erases its ID from the VLDB entry.</P
-></LI
-></OL
-></P
-><P
->By default, the Volume Server determines automatically whether or not it needs to create a new ReleaseClone: <UL
-><LI
-><P
->If there are no flags (<SAMP
-CLASS="computeroutput"
->New release</SAMP
->, <SAMP
-CLASS="computeroutput"
->Old release</SAMP
->,
- or <SAMP
-CLASS="computeroutput"
->Not released</SAMP
->) on site definitions in the VLDB entry, the previous <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command completed successfully and all read-only sites currently have the same volume.
- The Volume Server infers that the current <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command was issued because the
- read/write volume has changed. The Volume Server creates a new ReleaseClone and distributes it to all of the read-only
- sites.</P
-></LI
-><LI
-><P
->If any site definition in the VLDB entry is marked with a flag, either the previous release operation did not
- complete successfully or a new read-only site was defined since the last release. The Volume Server does not create a new
- ReleaseClone, instead distributing the existing ReleaseClone to sites marked with the <SAMP
-CLASS="computeroutput"
->Old
- release</SAMP
-> or <SAMP
-CLASS="computeroutput"
->Not released</SAMP
-> flag. As previously noted, the VL Server marks
- each VLDB site definition with the <SAMP
-CLASS="computeroutput"
->New release</SAMP
-> flag as the site receives the
- ReleaseClone, and clears all flags after all sites successfully receive it.</P
-></LI
-></UL
-></P
-><P
->To override the default behavior, forcing the Volume Server to create and release a new ReleaseClone to the read-only
- sites, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-f</B
-></SPAN
-> flag. This is appropriate if, for example, the data at the read/write
- site has changed since the existing ReleaseClone was created during the previous release operation.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ193"
->Using Read-only Volumes Effectively</A
-></H2
-><P
->For maximum effectiveness, replicate only volumes that satisfy two criteria: <UL
-><LI
-><P
->The volume's contents are heavily used. Examples include a volume housing binary files for text editors or other
- popular application programs, and volumes mounted along heavily traversed directory paths such as the paths leading to
- user home directories. It is an inefficient use of disk space to replicate volumes for which the demand is low enough
- that a single File Server can easily service all requests.</P
-></LI
-><LI
-><P
->The volume's contents change infrequently. As noted, file system consistency demands that the contents of
- read-only volumes must match each other and their read/write source at all times. Each time the read/write volume
- changes, you must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command to update the read-only volumes. This
- can become tedious (and easy to forget) if the read/write volume changes frequently.</P
-></LI
-></UL
-></P
-><P
->Explicitly mounting a read-only volume (creating a mount point that names a volume with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension) is not generally necessary or appropriate. The Cache Manager has a built-in bias
- to access the read-only version of a replicated volume whenever possible. As described in more detail in <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount Point Traversal</A
->, when the Cache Manager encounters a mount point it reads the
- volume name inside it and contacts the VL Server for a list of the sites that house the volume. In the normal case, if the
- mount point resides in a read-only volume and names a read/write volume (one that does not have a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension), the Cache Manager always attempts to
- access a read-only copy of the volume. Thus there is normally no reason to force the Cache Manager to access a read-only
- volume by mounting it explicitly.</P
-><P
->It is a good practice to place a read-only volume at the read/write site, for a couple of reasons. First, the read-only
- volume at the read/write site requires only a small amount of disk space, because it is a clone rather a copy of all of the
- data (see <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->). Only if a large number of files are removed or changed in
- the read/write volume does the read-only copy occupy much disk space. That normally does not happen because the appropriate
- response to changes in a replicated read/write volume is to reclone it. The other reason to place a read-only volume at the
- read/write site is that the Cache Manager does not attempt to access the read/write version of a replicated volume if all
- read-only copies become inaccessible. If the file server machine housing the read/write volume is the only accessible machine,
- the Cache Manager can access the data only if there is a read-only copy at the read/write site.</P
-><P
->The number of read-only sites to define depends on several factors. Perhaps the main trade-off is between the level of
- demand for the volume's contents and how much disk space you are willing to use for multiple copies of the volume. Of course,
- each prospective read-only site must have enough available space to accommodate the volume. The limit on the number of
- read-only copies of a volume is determined by the maximum number of site definitions in a volume's VLDB entry, which is
- defined in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
-> IBM AFS Release Notes</I
-></SPAN
->. The site housing the read/write and backup versions of the volume
- counts as one site, and each read-only site counts as an additional site (even the read-only site defined on the same file
- server machine and partition as the read/write site counts as a separate site). Note also that the Volume Server permits only
- one read-only copy of a volume per file server machine.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_216"
->Replication Scenarios</A
-></H2
-><P
->The instructions in the following section explain how to replicate a volume for which no read-only sites are currently
- defined. However, you can also use the instructions in other common situations: <UL
-><LI
-><P
->If you are releasing a new clone to sites that already exist, you can skip Step <A
-HREF="c8420.html#LIWQ196"
->2</A
->.
- It can still be useful to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command, however, to verify that the
- desired read-only sites are defined.</P
-></LI
-><LI
-><P
->If you are adding new read-only sites to existing ones, perform all of the steps. In Step <A
-HREF="c8420.html#LIWQ197"
->3</A
->, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> command for the new sites
- only.</P
-></LI
-><LI
-><P
->If you are defining sites but do not want to release a clone to them yet, stop after Step <A
-HREF="c8420.html#LIWQ197"
->3</A
->and continue when you are ready.</P
-></LI
-><LI
-><P
->If you are removing one or more sites before releasing a new clone to the remaining sites, follow the instructions
- for site removal in <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->and then start with Step
- <A
-HREF="c8420.html#LIWQ198"
->4</A
->.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LIWQ195"
-></A
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
->
- file. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ196"
-></A
->Select one or more sites at which to replicate the volume. There are several factors to
- consider: <UL
-><LI
-><P
->How many sites are already defined. As previously noted, it is usually appropriate to define a read-only site
- at the read/write site. Also, the Volume Server permits only one read-only copy of a volume per file server machine.
- To display the volume's current sites, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command, which is
- described fully in <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->The final lines of output display the volume's site definitions from the VLDB.</P
-></LI
-><LI
-><P
->Whether your cell dedicates any file server machines to housing read-only volumes only. In general, only very
- large cells use read-only server machines.</P
-></LI
-><LI
-><P
->Whether a site has enough free space to accommodate the volume. A read-only volume requires the same amount of
- space as the read/write version (unless it is at the read/write site itself). The first line of output from the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command displays the read/write volume's current size in kilobyte
- blocks, as shown in <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->.</P
-><P
->To display the amount of space available on a file server machine's partitions, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-> command, which is described fully in <A
-HREF="c8420.html#HDRWQ185"
->Creating
- Read/write Volumes</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->partition name</VAR
->>]
-</PRE
-></LI
-></UL
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ197"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> command to define each new read-only
- site in the VLDB. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ad</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->addsite</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Defines the file server machine for the new site.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names a disk partition on the machine machine name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the read/write volume to be replicated, either by its complete name or its volume ID
- number.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ198"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Verify that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process (which incorporates the Volume Server) is functioning normally on each file server
- machine where you have defined a read-only site, and that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vlserver</B
-></SPAN
-> process (the
- Volume Location Server) is functioning correctly on each database server machine. Knowing that they are functioning
- eliminates two possible sources of failure for the release. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command
- on each file server machine housing a read-only site for this volume and on each database server machine. The command is
- described fully in <A
-HREF="c6449.html#HDRWQ158"
->Displaying Process Status and Information from the BosConfig File</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs vlserver</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ199"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command to clone the read/write source
- volume and distribute the clone to each read-only site. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-f</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rel</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->release</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the read/write volume to clone, either by its complete name or volume ID number. The read-only
- version is given the same name with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension. All read-only copies
- share the same read-only volume ID number.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-f</B
-></SPAN
-></DT
-><DD
-><P
->Creates and releases a brand new clone.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><A
-NAME="LIWQ200"
-></A
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command to verify
- that no site definition in the VLDB entry is marked with an <SAMP
-CLASS="computeroutput"
->Old release</SAMP
-> or
- <SAMP
-CLASS="computeroutput"
->New release</SAMP
-> flag. The command is described fully in <A
-HREF="c8420.html#HDRWQ221"
->Displaying
- One Volume's VLDB Entry and Volume Header</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-></LI
-></OL
-><P
->If any flags appear in the output from Step <A
-HREF="c8420.html#LIWQ200"
->6</A
->, repeat Steps <A
-HREF="c8420.html#LIWQ198"
->4</A
->and <A
-HREF="c8420.html#LIWQ199"
->5</A
->until the Volume Server does not produce any error messages
- during the release operation and the flags no longer appear. Do not issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
->
- command when you know that the read/write site or any read-only site is inaccessible due to network, machine or server process
- outage.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ201"
->Creating Backup Volumes</A
-></H1
-><P
->A <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->backup volume</I
-></SPAN
-> is a clone that resides at the same site as its read/write source (to review the
- concept of cloning, see <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->). Creating a backup version of a volume has two
- purposes: <UL
-><LI
-><P
->It is by convention the first step when dumping a volume's contents to tape with the AFS Backup System. A volume is
- inaccessible while it is being dumped, so instead of dumping the read/write volume, you create and dump a backup version.
- Users do not normally access the backup version, so it is unlikely that the dump will disturb them. For more details, see
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->.</P
-></LI
-><LI
-><P
->It enables users to restore mistakenly deleted or changed data themselves, freeing you for more crucial tasks. The
- backup version captures the state of its read/write source at the time the backup is made, and its contents cannot change.
- Mount the backup version in the filespace so that users can restore a file to its state at the time you made the backup.
- See <A
-HREF="c8420.html#HDRWQ204"
->Making the Contents of Backup Volumes Available to Users</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ202"
->Backing Up Multiple Volumes at Once</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command creates a backup version of many read/write volumes at once.
- This command is useful when preparing for large-scale backups to tape using the AFS Backup System.</P
-><P
->To clone every read/write volume listed in the VLDB, omit all of the command's options. Otherwise, combine the command's
- options to clone various groups of volumes. The options use one of two basic criteria to select volumes: location (the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments) or presence in the volume
- name of one of a set of specified character strings (the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> options).</P
-><P
->To clone only volumes that reside on one file server machine, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->
- argument. To clone only volumes that reside on one partition, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument can also be
- used alone to clone volumes that reside on the indicated partition on every file server machine. These arguments can be
- combined with those that select volumes based on their names.</P
-><P
->Combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> options (with or without the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments) in the indicated ways to select volumes based on character strings contained in
- their names: <UL
-><LI
-><P
->To clone every read/write volume at the specified location whose name includes one of a set of specified character
- strings (for example, begins with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
-> or includes the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afs</B
-></SPAN
->), use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument or combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-> options.</P
-></LI
-><LI
-><P
->To clone every read/write volume at the specified location except those whose name includes one of a set of
- specified character strings, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> argument or combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-> options.</P
-></LI
-><LI
-><P
->To clone every read/write volume at the specified location whose name includes one of one of a set of specified
- character strings, except those whose names include one of a different set of specified character strings, combine the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> arguments. The command creates a
- list of all volumes that match the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument and then removes from the list the
- volumes that match the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> argument. For effective results, the strings specified
- by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> argument must designate a subset of the volumes specified by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument.</P
-><P
->If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-> flag is combined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> arguments, the command creates a list of
- all volumes that do not match the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument and then adds to the list any
- volumes that match the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> argument. As when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-> flag is not used, the result is effective only if the strings specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> argument designate a subset of the volumes specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument.</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> arguments both accept
- multiple values, which can be used to define disjoint groups of volumes. Each value can be one of two types: <OL
-TYPE="1"
-><LI
-><P
->A simple character string, which matches volumes whose name begin with the string. All characters are interpreted
- literally (that is, characters that potentially have special meaning to the command shell, such as the period, have only
- their literal meaning).</P
-></LI
-><LI
-><P
->A regular expression, which matches volumes whose names contain the expressions. Place a caret ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->^</B
-></SPAN
->) at the beginning of the expression, and enclose the entire string in single quotes ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->'</B
-></SPAN
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->'</B
-></SPAN
->). Explaining regular expressions is outside the scope of
- this reference page; see the UNIX manual page for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->regexp(5)</B
-></SPAN
-> or (for a brief
- introduction) <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->. As an example, the
- following expression matches volumes that have the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->aix</B
-></SPAN
-> anywhere in their names:
- <PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix '^.*aix'</B
-></SPAN
->
- </PRE
-></P
-></LI
-></OL
-></P
-><P
->To display a list of the volumes to be cloned, without actually cloning them, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag. To display a statement that summarizes the criteria being used to select volume, include
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-> flag.</P
-><P
->To back up a single volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command, which employs a more
- streamlined technique for finding a single volume.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ203"
->Automating Creation of Backup Volumes</A
-></H2
-><P
->Most cells find that it is best to make a new backup version of relevant volumes each day. It is best to create the
- backup versions at a time when usage is low, because the backup operation causes the read/write volume to be unavailable
- momentarily.</P
-><P
->You can either issue the necessary the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- backup</B
-></SPAN
-> commands at the console or create a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-> entry in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->BosConfig</B
-></SPAN
-> file on a file server machine, which eliminates the need for an administrator to initiate the
- backup operation.</P
-><P
->The following example command creates a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cron</B
-></SPAN
-> process called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backupusers</B
-></SPAN
-> in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/local/BosConfig</B
-></SPAN
-> file on the machine
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs3.abc.com</B
-></SPAN
->. The process runs every day at 1:00 a.m. to create a backup version of every
- volume in the cell whose name starts with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user</B
-></SPAN
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-localauth</B
-></SPAN
-> flag enables the process to invoke the privileged <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- backupsys</B
-></SPAN
-> command while unauthenticated. Note that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmd</B
-></SPAN
-> argument specifies a
- complete pathname for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> binary, because the PATH environment variable for the BOS
- Server (running as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->) generally does not include the path to AFS
- binaries. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos create fs3.abc.com backupusers cron</B
-></SPAN
->\
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cmd "/usr/afs/bin/vos backupsys -prefix user -localauth" "1:00"</B
-></SPAN
->
-</PRE
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ204"
->Making the Contents of Backup Volumes Available to Users</A
-></H2
-><P
->As noted, a backup volume preserves the state of the read/write source at the time the backup is created. Many cells
- choose to mount backup volumes so that users can access and restore data they have accidentally deleted or changed since the
- last backup was made, without having to request help from administrators. The most sensible place to mount the backup version
- of a user volume is at a subdirectory of the user's home directory. Suitable names for this directory include <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->OldFiles</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Backup</B
-></SPAN
->. The subdirectory looks just like the user's own
- home directory as it was at the time the backup was created, with all files and subdirectories in the same relative
- positions.</P
-><P
->If you do create and mount backup volumes for your users, inform users of their existence. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
-> IBM AFS User
- Guide</I
-></SPAN
-> does not mention backup volumes because making them available to users is optional. Explain to users how
- often you make a new backup, so they know what they can recover. Remind them also that the data in their backup volume cannot
- change; however, they can use the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cp</B
-></SPAN
-> command to copy it into their home volume
- and modify it there. Reassure users that the data in their backup volumes does not count against their read/write volume
- quota.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ205"
->To create and mount a backup volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->) permissions on the ACL of the directory in which
- you wish to mount the volume. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully
- described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ206"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command to create a backup version of a
- read/write source volume. The message shown confirms the success of the backup operation. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->> Created backup volume for volume name or ID
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the read/write volume to back up, either by its complete name or volume ID number. The backup
- volume has the same name with the addition of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension. It has its
- own volume ID number.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ207"
-></A
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- mkmount</B
-></SPAN
-> to mount the backup volume. While this step is optional, Cache Managers cannot access the volume's
- contents if it is not mounted. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
->
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point to create. Do not create a file or directory of the same name beforehand. Partial
- pathnames are interpreted relative to the current working directory. For the backup version of a user volume, the
- conventional location is the user's home directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
->.backup</DT
-><DD
-><P
->Is the full name of the backup volume.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command to verify
- that the mount point refers to the correct volume. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ211"
->To display a
- mount point</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_223"
->To create multiple backup volumes at once</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command to create a backup version of every read/write
- volume that shares the same prefix or site. The effects of combining the three arguments are described in <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->common prefix on volume(s)</VAR
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->partition name</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->negative prefix on volume(s)</VAR
->>+] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backups</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backupsys</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more simple character strings or regular expressions of any length; a volume whose name
- includes the string is placed on the list of volumes to be cloned. Include field separators (such as periods) if
- appropriate. This argument can be combined with any combination of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> options.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine housing the volumes to backup. Can be combined with any combination of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> options.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the partition housing the volumes you wish to backup. Can be combined with any combination of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> options.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-></DT
-><DD
-><P
->Indicates that all volumes except those indicated with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument
- are to be backed up. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> argument must be provided along with this one.
- Can also be combined with any combination of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments; or with both the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> arguments, but not with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-> argument alone.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-xprefix</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more simple character strings or regular expressions of any length; a volume whose name
- does not include the string is placed on the list of volumes to be cloned. Can be combined with any combination of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments; in addition, it can be combined with both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-prefix</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-> options, but not with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-exclude</B
-></SPAN
-> flag alone.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-></DT
-><DD
-><P
->Displays on the standard output stream a list of the volumes to be cloned, without actually cloning
- them.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose</B
-></SPAN
-></DT
-><DD
-><P
->Displays on the standard output stream a statement that summarizes the criteria being used to select
- volumes, if combined with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dryrun</B
-></SPAN
-> flag; otherwise, traces the cloning
- operation for each volume.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ208"
->Mounting Volumes</A
-></H1
-><P
->Mount points make the contents of AFS volumes visible and accessible in the AFS filespace, as described in <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->. This section discusses in more detail how the Cache Manager handles mount
- points as it traverses the filespace. It describes the three types of mount points, their purposes, and how to distinguish
- between them, and provides instructions for creating, removing, and examining mount points.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ209"
->The Rules of Mount Point Traversal</A
-></H2
-><P
->The Cache Manager observes three basic rules as it traverses the AFS filespace and encounters mount points:
- <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Rule 1:</B
-></SPAN
-> Access Backup and Read-only Volumes When Specified</P
-><P
->When the Cache Manager encounters a mount point that specifies a volume with either a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension, it accesses that type of
- volume only. If a mount point does not have either a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension, the Cache Manager uses Rules 2 and 3.</P
-><P
->For example, the Cache Manager never accesses the read/write version of a volume if the mount point names the
- backup version. If the specified version is inaccessible, the Cache Manager reports an error.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Rule 2:</B
-></SPAN
-> Follow the Read-only Path When Possible</P
-><P
->If a mount point resides in a read-only volume and the volume that it references is replicated, the Cache Manager
- attempts to access a read-only copy of the volume; if the referenced volume is not replicated, the Cache Manager
- accesses the read/write copy. The Cache Manager is thus said to prefer a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read-only</I
-></SPAN
-> path through the
- filespace, accessing read-only volumes when they are available.</P
-><P
->The Cache Manager starts on the read-only path in the first place because it always accesses a read-only copy of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume if it exists; the volume is mounted at the root of a cell's AFS
- filespace (named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> by convention). That is, if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume is replicated, the Cache Manager attempts to access a read-only copy of it rather
- than the read/write copy. This rule then keeps the Cache Manager on a read-only path as long as each successive volume
- is replicated. The implication is that both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volumes must be replicated for the Cache Manager to access replicated volumes mounted
- below them in the AFS filespace. The volumes are conventionally mounted at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-> directories, respectively.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Rule 3:</B
-></SPAN
-> Once on a Read/write Path, Stay There</P
-><P
->If a mount point resides in a read/write volume and the volume name does not have a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension, the Cache Manager attempts to
- access only the a read/write version of the volume. The access attempt fails with an error if the read/write version is
- inaccessible, even if a read-only version is accessible. In this situation the Cache Manager is said to be on a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read/write path</I
-></SPAN
-> and cannot switch back to the read-only path unless mount point explicitly names a
- volume with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension. (Cellular mount points are an important exception to
- this rule, as explained in the following discussion.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ210"
->The Three Types of Mount Points</A
-></H2
-><P
->AFS uses three types of mount points, each appropriate for a different purpose because of how the Cache Manager handles
- them. <UL
-><LI
-><P
->When the Cache Manager crosses a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->regular</I
-></SPAN
-> mount point, it obeys all three of the mount point
- traversal rules previously described.</P
-><P
->AFS performs best when the vast majority of mount points in the filespace are regular, because the mount point
- traversal rules promote the most efficient use of both replicated and nonreplicated volumes. Because there are likely to
- be multiple read-only copies of a replicated volume, it makes sense for the Cache Manager to access one of them rather
- than the single read/write version, and the second rule leads it to do so. If a volume is not replicated, the third rule
- means that the Cache Manager still accesses the read/write volume when that is the only type available. In other words,
- a regular mount point does not force the Cache Manager always to access read-only volumes (it is explicitly not a
- "read-only mount point").</P
-><P
->To create a regular mount point, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->To enable the Cache Manager to access the read-only version of a replicated volume named by a regular mount
- point, all volumes that are mounted above it in the pathname must also be replicated. That is the only way the Cache
- Manager can stay on a read-only path to the target volume.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
->When the Cache Manager crosses a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->read/write</I
-></SPAN
-> mount point, it attempts to access only the
- volume version named in the mount point. If the volume name is the base (read/write) form, without a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension, the Cache Manager accesses the
- read/write version of the volume, even if it is replicated. In other words, the Cache Manager disregards the second
- mount point traversal rule when crossing a read/write mount point: it switches to the read/write path through the
- filespace.</P
-><P
->It is conventional to create only one read/write mount point in a cell's filespace, using it to mount the cell's
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume just below the AFS filespace root (by convention, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
->). As indicated, it is conventional to place a period at
- the start of the read/write mount point's name (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). The period
- distinguishes the read/write mount point from the regular mount point for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
->
- volume at the same level. This is the only case in which it is conventional to create two mount points for the same
- volume. A desirable side effect of this naming convention for this read/write mount point is that it does not appear in
- the output of the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command unless the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-a</B
-></SPAN
-> flag
- is included, essentially hiding it from regular users who have no use for it.</P
-><P
->The existence of a single read/write mount point at this point in the filespace provides access to the read/write
- version of every volume when necessary, because it puts the Cache Manager on a read/write path right at the top of the
- filespace. At the same time, the regular mount point for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume puts the
- Cache Manager on a read-only path most of the time.</P
-><P
->Using a read/write mount point for a read-only or backup volume is acceptable, but unnecessary. The first rule of
- mount point traversal already specifies that the Cache Manager accesses them if the volume name in a regular mount point
- has a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension.</P
-><P
->To create a read/write mount point, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rw</B
-></SPAN
-> flag on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write
- mount point</A
->.</P
-></LI
-><LI
-><P
->When the Cache Manager crosses a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cellular</I
-></SPAN
-> mount point, it accesses the indicated volume in
- the specified cell, which is normally a foreign cell. (If the mount point does not name a cell along with the volume,
- the Cache Manager accesses the volume in the cell where the mount point resides.) When crossing a regular cellular mount
- point, the Cache Manager disregards the third mount point traversal rule. Instead, it accesses a read-only version of
- the volume if it is replicated, even if the volume that houses the mount point is read/write.</P
-><P
->It is inappropriate to circumvent this behavior by creating a read/write cellular mount point, because traversing
- the read/write path imposes an unfair load on the foreign cell's file server machines. The File Server must issue a
- callback for each file fetched from the read/write volume, rather than single callback required for a read-only volume.
- In any case, only a cell's own administrators generally need to access the read/write versions of replicated
- volumes.</P
-><P
->It is conventional to create cellular mount points only at the second level in a cell's filespace, using them to
- mount foreign cells' <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volumes just below the AFS filespace root (by
- convention, at <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->foreign_cellname</VAR
->). The mount point
- enables local users to access the foreign cell's filespace, assuming they have the necessary permissions on the ACL of
- the volume's root directory and that there is an entry for the foreign cell in each local client machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file, as described in <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of
- Database Server Machines</A
->.</P
-><P
->Creating cellular mount points at other levels in the filespace and mounting foreign volumes other than the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume is not generally appropriate. It can be confusing to users if the
- Cache Manager switches between cells at various points in a pathname.</P
-><P
->To create a regular cellular mount point, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument to specify the
- cell name, as described in <A
-HREF="c8420.html#HDRWQ213"
->To create a cellular mount point</A
->.</P
-></LI
-></UL
-></P
-><P
->To examine a mount point, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ211"
->To display a mount point</A
->. The command's output uses distinct notation to identify regular,
- read/write, and cellular mount points. To remove a mount point, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command as
- described in <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_227"
->Creating a mount point in a foreign cell</A
-></H2
-><P
->Creating a mount point in a foreign cell's filespace (as opposed to mounting a foreign volume in the local cell) is
- basically the same as creating a mount point in the local filespace. The differences are that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- mkmount</B
-></SPAN
-> command's directory argument specifies a pathname in the foreign cell rather than the local cell, and you
- must have the required permissions on the ACL of the foreign directory where you are creating the mount point. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument always specifies the cell in which
- the volume resides, not the cell in which to create the mount point.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ211"
->To display a mount point</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lsmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point to display.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->If the specified directory is a mount point, the output is of the following form:</P
-><PRE
-CLASS="programlisting"
-> 'directory' is a mount point for volume 'volume name'
-</PRE
-><P
->For a regular mount point, a number sign (<SAMP
-CLASS="computeroutput"
->#</SAMP
->) precedes the volume name string, as in the
- following example command issued on a client machine in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> cell.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/abc.com/usr/terry</B
-></SPAN
->
- '/afs/abc.com/usr/terry' is a mount point for volume '#user.terry'
-</PRE
-><P
->For a read/write mount point, a percent sign (<SAMP
-CLASS="computeroutput"
->%</SAMP
->) precedes the volume name string, as in
- the following example command issued on a client machine in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> cell. The cell's
- administrators have followed the convention of preceding the read/write mount point's name with a period.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/.abc.com</B
-></SPAN
->
- '/afs/.abc.com' is a mount point for volume '%root.cell'
-</PRE
-><P
->For a cellular mount point, a cell name and colon (<SAMP
-CLASS="computeroutput"
->:</SAMP
->) follow the number or percent sign
- and precede the volume name string, as in the following example command issued on a client machine in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> cell.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/ghi.gov</B
-></SPAN
->
- '/afs/ghi.gov' is a mount point for volume '#ghi.gov:root.cell'
-</PRE
-><P
->For a symbolic link to a mount point, the output is of the form shown in the following example command issued on a
- client machine in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> cell.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount /afs/abc</B
-></SPAN
->
- '/afs/abc' is a symbolic link, leading to a mount point for volume '#root.cell'
-</PRE
-><P
->If the directory is not a mount point or is not in AFS, the output reads as follows.</P
-><PRE
-CLASS="programlisting"
-> 'directory' is not a mount point.
-</PRE
-><P
->If the output is garbled, it is possible that the mount point has become corrupted in the local cache. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs flushmount</B
-></SPAN
-> command as described in <A
-HREF="c21473.html#HDRWQ413"
->To flush one or more mount
- points</A
->. This forces the Cache Manager to refetch the mount point.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ212"
->To create a regular or read/write mount point</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permissions on the ACL of the directory where you
- are placing the mount point. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully
- described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to create the mount point. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rw</B
-></SPAN
-> flag if creating a read/write mount point. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rw</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point to create. A file or directory with the same name cannot already exist. A partial
- pathname is interpreted relative to the current working directory.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to create
- a new mount point in a read-only volume. By convention, you indicate the read/write path by placing a period
- before the cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->).
- For further discussion of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount Point Traversal</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the volume's full name, including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension for a backup or read-only volume, if appropriate.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rw</B
-></SPAN
-></DT
-><DD
-><P
->Creates a read/write mount point.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ213"
->To create a cellular mount point</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permissions on the ACL of the directory where you
- are placing the mount point. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully
- described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ214"
-></A
->If you are mounting one or more foreign cells' <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
->
- volume at the second level in your filespace and your cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume is
- replicated, you must create a temporary mount point for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume's read/write
- version in a directory on which the ACL grants you the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permissions. The following command creates a mount point called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new_cells</B
-></SPAN
-> in your cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
->
- directory (the entry point to the read/write path in your cell).</P
-><P
->Substitute your cell's name for cellname.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /afs/.</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount new_cells root.afs</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd new_cells</B
-></SPAN
->
-</PRE
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
->
- argument to create a cellular mount point. Repeat the command for each cellular mount point as required. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mk</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mkmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point to create. A file or directory with the same name cannot already exist. A partial
- pathname is interpreted relative to the current working directory. If you are mounting a foreign cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> volume, the standard value for this argument is the cell's complete Internet
- domain name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the volume's full name, usually <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.cell</B
-></SPAN
-> for a cellular mount
- point.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete Internet domain name of the cell in which the volume resides.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If you performed the instructions in Step <A
-HREF="c8420.html#LIWQ214"
->2</A
->, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command to release the new version of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume to its
- read-only sites. (This command requires that you be listed in your cell's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, verify by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos
- listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To display the users in the UserList
- file</A
->.)</P
-><P
->Also issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkvolumes</B
-></SPAN
-> command to force the local Cache Manager to access
- the new replica of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root.afs</B
-></SPAN
-> volume. If desired, you can also remove the temporary
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new_cells</B
-></SPAN
-> mount point from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
-> directory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release root.afs</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkvolumes</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /afs/.</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount new_cells</B
-></SPAN
->
-</PRE
-><P
->For your users to access a newly mounted foreign cell, you must also create an entry for it in each client machine's
- local <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file and either reboot the machine or use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs newcell</B
-></SPAN
-> command to insert the entry directly into its kernel memory. See the instructions in
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ215"
->To remove a mount point</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->) permission on
- the ACL of the directory from which you are removing the mount point. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command to remove the mount point. The volume still exists,
- but its contents are inaccessible if this is the only mount point for it. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rmmount</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->directory</B
-></SPAN
-></DT
-><DD
-><P
->Names the mount point to remove. A partial pathname is interpreted relative to the current working
- directory.</P
-><P
->Specify the read/write path to the mount point, to avoid the failure that results when you attempt to delete
- a mount point from a read-only volume. By convention, you indicate the read/write path by placing a period before
- the cell name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For
- further discussion of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount Point Traversal</A
->.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ216"
->Displaying Information About Volumes</A
-></H1
-><P
->This section explains how to display information about volumes. If you know a volume's name or volume ID number, there are
- commands for displaying its VLDB entry, its volume header, or both. Other commands display the name or location of the volume
- that contains a specified file or directory.</P
-><P
->For instructions on displaying a volume's quota, see <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and
- Current Size</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ217"
->Displaying VLDB Entries</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command displays the VLDB entry for the volumes indicated by the
- combination of arguments you provide. The possibilities are listed here from most to least inclusive: <UL
-><LI
-><P
->To display every entry in the VLDB, provide no arguments. It can take a long time to generate the output,
- depending on the number of entries.</P
-></LI
-><LI
-><P
->To display every VLDB entry that mentions a specific file server machine as the site of a volume, specify the
- machine's name with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument.</P
-></LI
-><LI
-><P
->To display every VLDB entry that mentions a certain partition on any file server machine as the site of a volume,
- specify the partition name with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument.</P
-></LI
-><LI
-><P
->To display every VLDB entry that mentions a certain partition on a certain file server machine as the site of a
- volume, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->
- arguments.</P
-></LI
-><LI
-><P
->To display a single VLDB entry, specify a volume name or ID number with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
->
- argument.</P
-></LI
-><LI
-><P
->To display the VLDB entry only for volumes with locked VLDB entries, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locked</B
-></SPAN
-> flag with any of the site definitions mentioned previously.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ218"
->To display VLDB entries</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->partition name</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locked</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvl</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvldb</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Identifies one volume either by its complete name or volume ID number. Do not combine this argument with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a file server machine. Combine this argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->
- argument if desired, but not with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a partition. Combine this argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument if
- desired, but not with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locked</B
-></SPAN
-></DT
-><DD
-><P
->Displays only locked VLDB entries. Combine this flag with any of the other options.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The VLDB entry for each volume includes the following information: <UL
-><LI
-><P
->The base (read/write) volume name. The read-only and backup versions have the same name with a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension, respectively.</P
-></LI
-><LI
-><P
->The volume ID numbers allocated to the versions of the volume that actually exist, in fields labeled
- <SAMP
-CLASS="computeroutput"
->RWrite</SAMP
-> for the read/write, <SAMP
-CLASS="computeroutput"
->ROnly</SAMP
-> for the read-only,
- <SAMP
-CLASS="computeroutput"
->Backup</SAMP
-> for the backup, and <SAMP
-CLASS="computeroutput"
->RClone</SAMP
-> for the
- ReleaseClone. (If a field does not appear, the corresponding version of the volume does not exist.) The appearance of
- the <SAMP
-CLASS="computeroutput"
->RClone</SAMP
-> field normally indicates that a release operation did not complete
- successfully; the <SAMP
-CLASS="computeroutput"
->Old release</SAMP
-> and <SAMP
-CLASS="computeroutput"
->New release</SAMP
-> flags
- often also appear on one or more of the site definition lines described just following.</P
-></LI
-><LI
-><P
->The number of sites that house a read/write or read-only copy of the volume, following the string
- <SAMP
-CLASS="computeroutput"
->number of sites -></SAMP
->.</P
-></LI
-><LI
-><P
->A line for each site that houses a read/write or read-only copy of the volume, specifying the file server machine,
- partition, and type of volume (<SAMP
-CLASS="computeroutput"
->RW</SAMP
-> for read/write or <SAMP
-CLASS="computeroutput"
->RO</SAMP
->
- for read-only). If a backup version exists, it is understood to share the read/write site. Several flags can appear with
- a site definition: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->Not released</SAMP
-></DT
-><DD
-><P
->Indicates that the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command has not been issued since the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> command was used to define the read-only site.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Old release</SAMP
-></DT
-><DD
-><P
->Indicates that a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command did not complete successfully,
- leaving the previous, obsolete version of the volume at this site.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->New release</SAMP
-></DT
-><DD
-><P
->Indicates that a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command did not complete successfully, but
- that this site did receive the correct new version of the volume.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If the VLDB entry is locked, the string <SAMP
-CLASS="computeroutput"
->Volume is currently LOCKED</SAMP
->.</P
-></LI
-></UL
-></P
-><P
->For further discussion of the <SAMP
-CLASS="computeroutput"
->New release</SAMP
-> and <SAMP
-CLASS="computeroutput"
->Old
- release</SAMP
-> flags, see <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->.</P
-><P
->An example of this command and its output for a single volume:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb user.terry</B
-></SPAN
->
- user.terry
- RWrite: 50489902 Backup: 50489904
- number of sites -> 1
- server fs3.abc.com partition /vicepc RW Site
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ219"
->Displaying Volume Headers</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> command displays the volume header for every volume on one or all
- partitions on a file server machine. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command interpreter obtains the information from
- the Volume Server on the specified machine. You can control the amount of information displayed by including one of the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fast</B
-></SPAN
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
->, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-> flags described following the instructions in <A
-HREF="c8420.html#HDRWQ220"
->To display volume
- headers</A
->.</P
-><P
->To display a single volume's volume header of one volume only, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
->
- command as described in <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ220"
->To display volume headers</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->partition name</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fast</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
->]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvo</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listvol</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine for which to display volume headers. Provide this argument alone or with the
- partition name argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names one partition on the file server machine named by the machine name argument, which must be provided
- along with this one.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fast</B
-></SPAN
-></DT
-><DD
-><P
->Displays only the volume ID numbers of relevant volumes. Do not combine this flag with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-></DT
-><DD
-><P
->Displays more detailed information about each volume. Do not combine this flag with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fast</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-></DT
-><DD
-><P
->Displays all of the information displayed by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag, plus tables of
- statistics about reads and writes to the files in the volume. Do not combine this flag with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fast</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The output is ordered alphabetically by volume name and by default provides the following information on a single line
- for each volume: <UL
-><LI
-><P
->Name</P
-></LI
-><LI
-><P
->Volume ID number</P
-></LI
-><LI
-><P
->Type (the flag is <SAMP
-CLASS="computeroutput"
->RW</SAMP
-> for read/write, <SAMP
-CLASS="computeroutput"
->RO</SAMP
-> for
- read-only, <SAMP
-CLASS="computeroutput"
->BK</SAMP
-> for backup)</P
-></LI
-><LI
-><P
->Size in kilobytes (<SAMP
-CLASS="computeroutput"
->1024</SAMP
-> equals a megabyte)</P
-></LI
-><LI
-><P
->Number of files in the volume, if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-> flag is provided</P
-></LI
-><LI
-><P
->Status on the file server machine, which is one of the following: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SAMP
-CLASS="computeroutput"
->On-line</SAMP
-></DT
-><DD
-><P
->The volume is completely accessible to Cache Managers.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Off-line</SAMP
-></DT
-><DD
-><P
->The volume is not accessible to Cache Managers, but does not seem to be corrupted. This status appears
- while a volume is being dumped, for example.</P
-></DD
-><DT
-><SAMP
-CLASS="computeroutput"
->Off-line**needs salvage**</SAMP
-></DT
-><DD
-><P
->The volume is not accessible to Cache Managers, because it seems to be corrupted. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->salvager</B
-></SPAN
-> command to repair the
- corruption.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></UL
-></P
-><P
->If the following message appears instead of the previously listed information, it indicates that a volume is not
- accessible to Cache Managers or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command interpreter, for example because a clone is
- being created.</P
-><PRE
-CLASS="programlisting"
-> **** Volume volume_ID is busy ****
-</PRE
-><P
->If the following message appears instead of the previously listed information, it indicates that the File Server is
- unable to attach the volume, perhaps because it is seriously corrupted. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->FileLog</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->VolserLog</B
-></SPAN
-> log files in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs</B
-></SPAN
-> directory on the
- file server machine possibly provide additional information; use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos getlog</B
-></SPAN
-> command to
- display them.</P
-><PRE
-CLASS="programlisting"
-> **** Could not attach volume volume_ID ****
-</PRE
-><P
->(For instructions on salvaging a corrupted or unattached volume, see <A
-HREF="c8420.html#HDRWQ232"
->Salvaging
- Volumes</A
->.)</P
-><P
->The information about individual volumes is bracketed by summary lines. The first line of output specifies the number of
- volumes in the listing. The last line of output summarizes the number of volumes that are online, offline, and busy, as in the
- following example:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol fs2.abc.com /vicepb</B
-></SPAN
->
- Total number of volumes on server fs2.abc.com \
- partition /vicepb : 66
- sys 1969534847 RW 1582 K On-line
- sys.backup 1969535105 BK 1582 K On-line
- . . . . . .
- . . . . . .
- user.pat 1969534536 RW 17518 K On-line
- user.pat.backup 1969534538 BK 17537 K On-line
- Total volumes onLine 66 ; Total volumes offLine 0 ; Total busy 0
-</PRE
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Output with the -fast Flag</B
-></SPAN
-></P
-><P
->If you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fast</B
-></SPAN
-> flag displays only the volume ID number of each volume,
- arranged in increasing numerical order, as in the following example. The final line (which summarizes the number of on-line,
- off-line, and busy volumes) is omitted.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol fs3.abc.com /vicepa -f</B
-></SPAN
->
- Total number of volumes on server fs3.abc.com \
- partition /vicepa: 37
- 50489902
- 50489904
- .
- .
- 35970325
- 49732810
-</PRE
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Output with the -long Flag</B
-></SPAN
-></P
-><P
->When you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag, , the output for each volume includes all of the
- information in the default listing plus the following. Each item in this list corresponds to a separate line of output:
- <UL
-><LI
-><P
->The file server machine and partition that house the volume, as determined by the command interpreter as the
- command runs, rather than derived from the VLDB or the volume header.</P
-></LI
-><LI
-><P
->The volume ID numbers associated with the various versions of the volume: read/write
- (<SAMP
-CLASS="computeroutput"
->RWrite</SAMP
->), read-only (<SAMP
-CLASS="computeroutput"
->ROnly</SAMP
->), backup
- (<SAMP
-CLASS="computeroutput"
->Backup</SAMP
->), and ReleaseClone (<SAMP
-CLASS="computeroutput"
->RClone</SAMP
->). One of them
- matches the volume ID number that appears on the first line of the volume's output. If the value in the
- <SAMP
-CLASS="computeroutput"
->RWrite</SAMP
->, <SAMP
-CLASS="computeroutput"
->ROnly</SAMP
->, or
- <SAMP
-CLASS="computeroutput"
->Backup</SAMP
-> field is <SAMP
-CLASS="computeroutput"
->0</SAMP
-> (zero), there is no volume of that
- type. If there is currently no ReleaseClone, the <SAMP
-CLASS="computeroutput"
->RClone</SAMP
-> field does not appear at
- all.</P
-></LI
-><LI
-><P
->The maximum space quota allotted to the read/write copy of the volume, expressed in kilobyte blocks in the
- <SAMP
-CLASS="computeroutput"
->MaxQuota</SAMP
-> field.</P
-></LI
-><LI
-><P
->The date and time the volume was created, in the <SAMP
-CLASS="computeroutput"
->Creation</SAMP
-> field. If the volume
- has been restored with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup diskrestore</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->backup
- volrestore</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> command, this is the restore time.</P
-></LI
-><LI
-><P
->The date and time when the contents of the volume last changed, in the <SAMP
-CLASS="computeroutput"
->Last
- Update</SAMP
-> field. For read-only and backup volumes, it matches the timestamp in the
- <SAMP
-CLASS="computeroutput"
->Creation</SAMP
-> field.</P
-></LI
-><LI
-><P
->The number of times the volume has been accessed for a fetch or store operation since the later of the two
- following times: <UL
-><LI
-><P
->12:00 a.m. on the day the command is issued</P
-></LI
-><LI
-><P
->The last time the volume changed location</P
-></LI
-></UL
-></P
-></LI
-></UL
-></P
-><P
->An example of the output when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag is included:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol fs2.abc.com b -long</B
-></SPAN
->
- Total number of volumes on server fs2.abc.com
- partition /vicepb: 66
- . . . . . .
- . . . . . .
- user.pat 1969534536 RW 17518 K On-line
- fs2.abc.com /vicepb
- RWrite 1969534536 ROnly 0 Backup 1969534538
- MaxQuota 20000 K
- Creation Mon Jun 12 09:02:25 1989
- Last Update Thu Jan 4 17:39:34 1990
- 1573 accesses in the past day (i.e., vnode references)
- user.pat.backup 1969534538 BK 17537 K On-line
- fs2.abc.com /vicepb
- RWrite 1969534536 ROnly 0 Backup 1969534538
- MaxQuota 20000 K
- Creation Fri Jan 5 06:37:59 1990
- Last Update Fri Jan 5 06:37:59 1990
- 0 accesses in the past day (i.e., vnode references)
- . . . . .
- . . . . .
- Total volumes onLine 66 ; Total volumes offLine 0 ; Total busy 0
-</PRE
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Output with the -extended Flag</B
-></SPAN
-></P
-><P
->When you include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-> flag, the output for each volume includes all of the
- information reported with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag, plus two tables of statistics: <UL
-><LI
-><P
->The table labeled <SAMP
-CLASS="computeroutput"
->Raw Read/Write Stats</SAMP
-> table summarizes the number of times the
- volume has been accessed for reading or writing.</P
-></LI
-><LI
-><P
->The table labeled <SAMP
-CLASS="computeroutput"
->Writes Affecting Authorship</SAMP
-> table contains information on
- writes made to files and directories in the specified volume.</P
-></LI
-></UL
-></P
-><P
->An example of the output when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-extended</B
-></SPAN
-> flag is included:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol fs3.abc.com a -extended</B
-></SPAN
->
- common.bboards 1969535592 RW 23149 K used 9401 files On-line
- fs3.abc.com /vicepa
- RWrite 1969535592 ROnly 0 Backup 1969535594
- MaxQuota 30000 K
- Creation Mon Mar 8 14:26:05 1999
- Last Update Mon Apr 26 09:20:43 1999
- 11533 accesses in the past day (i.e., vnode references)
- Raw Read/Write Stats
- |-------------------------------------------|
- | Same Network | Diff Network |
- |----------|----------|----------|----------|
- | Total | Auth | Total | Auth |
- |----------|----------|----------|----------|
- Reads | 151 | 151 | 1092 | 1068 |
- Writes | 3 | 3 | 324 | 324 |
- |-------------------------------------------|
- Writes Affecting Authorship
- |-------------------------------------------|
- | File Authorship | Directory Authorship|
- |----------|----------|----------|----------|
- | Same | Diff | Same | Diff |
- |----------|----------|----------|----------|
- 0-60 sec | 92 | 0 | 100 | 4 |
- 1-10 min | 1 | 0 | 14 | 6 |
- 10min-1hr | 0 | 0 | 19 | 4 |
- 1hr-1day | 1 | 0 | 13 | 0 |
- 1day-1wk | 1 | 0 | 1 | 0 |
- > 1wk | 0 | 0 | 0 | 0 |
- |-------------------------------------------|
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command displays information from both the VLDB and the volume header
- for a single volume. There is some redundancy in the information from the two sources, which allows you to compare the VLDB
- and volume header.</P
-><P
->Because the volume header for each version of a volume (read/write, read-only, and backup) is different, you can specify
- which one to display. Include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
->
- extension on the volume name or ID argument as appropriate. The information from the VLDB is the same for all three
- versions.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ222"
->To display one volume's VLDB entry and volume header</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->e</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Identifies one volume either by its complete name or volume ID number. It can be a read/write, read-only, or
- backup type. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
->
- extension if appropriate.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The top part of the output displays the same information from a volume header as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- listvol</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-long</B
-></SPAN
-> flag, as described following the instructions in
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->. If you specify the read-only version of the volume and it exists at
- more than one site, the output includes all of them. The bottom part of the output lists the same information from the VLDB as
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command, as described following the instructions in <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->.</P
-><P
->Below is an example for a volume whose VLDB entry is currently locked.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine user.terry</B
-></SPAN
->
- user.terry 536870981 RW 3459 K On-line
- fs3.abc.com /vicepa
- Write 5360870981 ROnly 0 Backup 536870983
- MaxQuota 40000 K
- Creation Mon Jun 12 15:22:06 1989
- Last Update Fri Jun 16 09:34:35 1989
- 5719 accesses in the past day (i.e., vnode references)
- RWrite: 5360870981 Backup: 536870983
- number of sites -> 1
- server fs3.abc.com partition /vicepa RW Site
- Volume is currently LOCKED
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
-></H2
-><P
->This section explains how to learn the name, volume ID number, or location of the volume that contains a file or
- directory.</P
-><P
->You can also use one piece of information about a volume (for example, its name) to obtain other information about it
- (for example, its location). The following list points you to the relevant instructions: <UL
-><LI
-><P
->To use a volume's name to learn the volume ID numbers of all its existing versions, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ222"
->To display one volume's VLDB entry
- and volume header</A
->.</P
-><P
->You can also use the command to learn a volume's name by providing its ID number.</P
-></LI
-><LI
-><P
->To use a volume's name or ID number to learn its location, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
->
- command as described in <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ224"
->To display the name of the volume that contains a file</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lq</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listquota</B
-></SPAN
->(and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listq</B
-></SPAN
-> the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a directory or file housed in the volume for which to display the name. Partial pathnames are
- interpreted relative to the current working directory, which is the default if this argument is omitted.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The following is an example of the output:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota /afs/abc.com/usr/terry</B
-></SPAN
->
- Volume Name Quota Used % Used Partition
- user.terry 15000 5071 34% 86%
-</PRE
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ225"
->To display the ID number of the volume that contains a file</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exa</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a directory or file housed in the volume for which to display the volume ID. Partial pathnames are
- interpreted relative to the current working directory, which is the default if this argument is omitted.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The following example illustrates how the output reports the volume ID number in the
- <SAMP
-CLASS="computeroutput"
->vid</SAMP
-> field.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine /afs/abc.com/usr/terry</B
-></SPAN
->
- Volume status for vid = 50489902 named user.terry
- Current maximum quota is 15000
- Current blocks used are 5073
- The partition has 46383 blocks available out of 333305
-</PRE
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The partition-related statistics in this command's output do not always agree with the corresponding values in the
- output of the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->df</B
-></SPAN
-> command. The statistics reported by this command can be up
- to five minutes old, because the Cache Manager polls the File Server for partition information at that frequency. Also, on
- some operating systems, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->df</B
-></SPAN
-> command's report of partition size includes reserved space
- not included in this command's calculation, and so is likely to be about 10% larger.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_242"
->To display the location of the volume that contains a file</A
-></H3
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> command to display the name of the file server machine that
- houses the volume containing a file or directory. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->whe</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->whereis</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a directory or file for which to report the location. Partial pathnames are interpreted relative to
- the current working directory, which is the default if this argument is omitted.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The output displays the file server machine that houses the volume containing the file, as in the following
- example:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis /afs/abc.com/user/terry</B
-></SPAN
->
- File /afs/abc.com/usr/terry is on host fs2.abc.com
-</PRE
-></LI
-><LI
-><P
->If you also want to know which partition houses the volume, first issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listquota</B
-></SPAN
-> command to display the volume's name. For complete syntax, see <A
-HREF="c8420.html#HDRWQ224"
->To display
- the name of the volume that contains a file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Then issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command, providing the volume name as the volume name
- or ID argument. For complete syntax and a description of the output, see <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB
- entries</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ226"
->Moving Volumes</A
-></H1
-><P
->There are three main reasons to move volumes: <UL
-><LI
-><P
->To place volumes on other partitions or machines temporarily while repairing or replacing a disk or file server
- machine.</P
-></LI
-><LI
-><P
-> To free space on a partition that is becoming overcrowded. One symptom of overcrowding is that users cannot
- to save files even though the relevant volume is below its quota. The following error message confirms the problem:
- <PRE
-CLASS="programlisting"
-> afs: failed to store file (partition full)
-</PRE
-></P
-><P
->You can track available space on AFS server partitions by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->scout</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->afsmonitor</B
-></SPAN
-> programs described in <A
-HREF="c18360.html"
->Monitoring and Auditing AFS
- Performance</A
->.</P
-></LI
-><LI
-><P
->A file server machine is becoming overloaded because it houses many more volumes than other machines of the same
- size, or has volumes with more popular files in them.</P
-></LI
-></UL
-></P
-><P
->To move a read/write volume, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-> command as described in the following
- instructions. Before attempting to move the volume, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command interpreter verifies that
- there is enough free space for it on the destination partition. If not, it does not attempt the move operation and prints the
- following message.</P
-><PRE
-CLASS="programlisting"
-> vos: no space on target partition destination_part to move volume volume
-</PRE
-><P
->To move a read-only volume, you actually remove the volume from the current site by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- remove</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->. Then define a new
- site and release the volume to it by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> commands as described in <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only
- volume)</A
->.</P
-><P
->A backup volume always resides at the same site as its read/write source volume, so you cannot move a backup volume except
- as part of moving the read/write source. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-> command automatically deletes the backup
- version when you move a read/write volume. To create a new backup volume at the new site as soon as the move operation
- completes, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ205"
->To create and
- mount a backup volume</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_244"
->To move a read/write volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-> command to move the volume. Type it on a single line; it appears
- on multiple lines here only for legibility. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->> \ <<VAR
-CLASS="replaceable"
->machine name on source</VAR
->>
- <<VAR
-CLASS="replaceable"
->partition name on source </VAR
->> \ <<VAR
-CLASS="replaceable"
->machine name on destination</VAR
->> <partition name on
- destination>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->move</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or volume ID number of the read/write volume to move.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name on source</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine currently housing the volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name on source</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition currently housing the volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name on destination</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine to which to move the volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name on destination</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition to which to move the volume.</P
-></DD
-></DL
-></DIV
-></P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->It is best not to halt a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-> operation before it completes, because parts of
- the volume can be left on both the source and destination machines. For more information, see the command's reference
- page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
-> IBM AFS Administration Reference</I
-></SPAN
->.</P
-></BLOCKQUOTE
-></DIV
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command to
- confirm the success of the move. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If a backup version existed at the read/write volume's previous site, create a new backup at the new site by issuing
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command, which is fully described in <A
-HREF="c8420.html#HDRWQ205"
->To create
- and mount a backup volume</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
-></H1
-><P
->AFS can provide transparent file access because the Volume Location Database (VLDB) constantly tracks volume locations.
- When the Cache Manager needs a file, it contacts the Volume Location (VL) Server, which reads the VLDB for the current location
- of the volume containing the file. Therefore, the VLDB must accurately reflect the state of volumes on the file server machines
- at all times. The Volume Server and VL Server automatically update a volume's VLDB entry when its status changes during a
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> operation, by performing the following series of steps. <OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LIWQ228"
-></A
->The VL Server locks the VLDB entry. The lock advises other operations not to manipulate any
- of the volume versions (read/write, read-only, or backup), which prevents the inconsistency that can result from multiple
- simultaneous operations.</P
-></LI
-><LI
-><P
-> <A
-NAME="LIWQ229"
-></A
->The VL Server sets an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->intention flag</I
-></SPAN
-> in the VLDB entry that
- indicates the kind of operation to be performed. This flag never appears in VLDB listings because it is for internal use
- only. In case the operation terminates prematurely, this flag tells the Salvager which operation was interrupted. (The
- Salvager then determines the steps necessary either to complete the operation or return the volume to a previous
- consistent state. For more information on salvaging, see <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->.)</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ230"
-></A
->The Volume Server manipulates the volume. It usually sets the
- <SAMP
-CLASS="computeroutput"
->Off-line</SAMP
-> flag in the volume header, which makes the volume inaccessible to the File
- Server and other Volume Server operations during the manipulation. When the operation completes, the volume is again
- marked <SAMP
-CLASS="computeroutput"
->On-line</SAMP
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ231"
-></A
->The VL Server records any changes resulting from the operation in the VLDB entry. Once the
- operation is complete, it removes the intention flag set in Step <A
-HREF="c8420.html#LIWQ229"
->2</A
->and releases the lock set
- in Step <A
-HREF="c8420.html#LIWQ228"
->1</A
->.</P
-></LI
-></OL
-></P
-><P
->If a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> operation fails while the Volume Server is manipulating the volume
- (corresponding to Step <A
-HREF="c8420.html#LIWQ230"
->3</A
->), the volume can be left in an intermediate state, which is termed
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->corruption</I
-></SPAN
->. In this case, the <SAMP
-CLASS="computeroutput"
->Off-line</SAMP
-> or <SAMP
-CLASS="computeroutput"
->Off-line**needs
- salvage**</SAMP
-> marker usually appears at the end of the first line of output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- examine</B
-></SPAN
-> command. To repair the corruption, run the Salvager before attempting to resynchronize the VLDB and volume
- headers. For salvaging instructions, see <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->.</P
-><P
->More commonly, an interruption while flags are being set or removed (corresponding to Step <A
-HREF="c8420.html#LIWQ228"
->1</A
->, Step <A
-HREF="c8420.html#LIWQ229"
->2</A
->, or Step <A
-HREF="c8420.html#LIWQ231"
->4</A
->) causes a
- discrepancy between the VLDB and volume headers. To resynchronize the VLDB and volumes, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- syncvldb</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> commands. To achieve complete VLDB consistency, it is best
- to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb</B
-></SPAN
-> command on all file server machines in the cell, and then run the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> command on all file server machines in the cell.</P
-><P
->There are several symptoms that indicate a volume operation failed: <UL
-><LI
-><P
->Error messages on the standard error stream or in server process log files indicate that an operation terminated
- abnormally. Perhaps you had to halt the operation before it completed (for instance, by using a signal such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->), or a file server machine or server process was not functioning when the operation ran. To
- determine if a machine or process is still not functioning, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command
- as described in <A
-HREF="c6449.html#HDRWQ158"
->Displaying Process Status and Information from the BosConfig File</A
->.</P
-></LI
-><LI
-><P
->A subsequent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> operation fails because a previous failure left a VLDB entry
- locked. Sometimes an error message reports that a volume is locked. To display a list of locked volumes, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locked</B
-></SPAN
-> flag on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->.</P
-><P
->If the only problem with a volume is that its VLDB entry is locked, you probably do not need to synchronize the
- entire VLDB. Instead use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlock</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- unlockvldb</B
-></SPAN
-> command to unlock the entry, as described in <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB
- Entries</A
->.</P
-></LI
-><LI
-><P
->A subsequent <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> operation fails because a previous failure left a volume marked as
- offline. To check a volume's current status, check the first line of output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- examine</B
-></SPAN
-> command as described in <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume
- Header</A
->.</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb</B
-></SPAN
-> command corrects the information in the Volume Location Database (VLDB)
- either about all volumes housed on a file server machine, about the volumes on just one partition, or about a single volume. If
- checking about one or more partitions, the command contacts the Volume Server to obtain a list of the volumes that actually
- reside on each partition. It then obtains the VLDB entry for each volume from the VL Server. It changes the VLDB entry as
- necessary to reflect the state of the volume on the partition. For example, it creates or updates a VLDB entry when it finds a
- volume for which the VLDB entry is missing or incomplete. However, if there is already a VLDB entry that defines a different
- location for the volume, or there are irreconcilable conflicts with other VLDB entries, it instead writes a message about the
- conflict to the standard error stream. The command never removes volumes from the file server machine.</P
-><P
->When checking a single volume's VLDB entry, the command also automatically performs the operations invoked by the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> command: it not only verifies that the VLDB entry is correct for the specified
- volume type (read/write, backup, or read-only), but also checks that any related volume types mentioned in the VLDB entry
- actually exist at the site listed in the entry.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> command verifies that each volume type (read/write, read-only, and
- backup) mentioned in a VLDB entry actually exists at the site indicated in the entry. It checks all VLDB entries that mention a
- site either on any of a file server machine's partitions or on one partition. Note that command can end up inspecting sites
- other than on the specified machine or partition, if there are read-only versions of the volume at sites other than the
- read/write site.</P
-><P
->The command alters any incorrect information in the VLDB, unless there is an irreconcilable conflict with other VLDB
- entries. In that case, it writes a message to the standard error stream instead. The command never removes volumes from their
- sites.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_246"
->To synchronize the VLDB with volume headers</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIVOL-SYNCVL"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb</B
-></SPAN
-> command to make the VLDB reflect
- the true state of all volumes on a machine or partition, or the state of one volume.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->To synchronize the VLDB completely, issue the command repeatedly, substituting each file server machine in your
- cell for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument in turn and omitting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> arguments, before proceeding to Step
- <A
-HREF="c8420.html#LIVOL-SYNCSR"
->3</A
->.</P
-></BLOCKQUOTE
-></DIV
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb -server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->partition name</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose >></B
-></SPAN
-> file]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->syncv</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->syncvldb</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine housing the volumes for which to verify VLDB entries. If you are also
- providing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument, this argument must name the machine where the
- volume actually resides.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the partition (on the file server machine specified by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument) housing the volumes for which to verify VLDB entries. In general, it is
- best to omit this argument so that either the VLDB entries for all volumes on a server machine are corrected (if
- you do not provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument), or so that you do not need to guarantee
- that the partition actually houses the volume named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
->
- argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or volume ID number of a single volume for which to verify the VLDB entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-verbose >> file</B
-></SPAN
-></DT
-><DD
-><P
->Directs a detailed trace to the file called file, which can be either in AFS or on the local disk of the
- machine on which you are issuing the command. The command often writes a large amount of output to the standard
- output stream; writing it to a file enables you to examine the output more carefully.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIVOL-SYNCSR"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> command to inspect each volume
- for which the VLDB lists a version at the specified site.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->To synchronize the VLDB completely, issue the command repeatedly, substituting each file server machine in your
- cell for the machine name argument in turn and omitting the partition name argument.</P
-></BLOCKQUOTE
-></DIV
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->partition name</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-v >></B
-></SPAN
-> file]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->syncs</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->syncserv</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine mentioned in each VLDB entry to check.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the partition mentioned in each VLDB entry to check. If synchronizing the entire VLDB, omit this
- argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-v >> file</B
-></SPAN
-></DT
-><DD
-><P
->Directs a detailed trace to the file called file, which can be either in AFS or on the local disk of the
- machine on which you are issuing the command. The command often writes a large amount of output to the standard
- output stream; writing it to a file enables you to examine the output more carefully.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ232"
->Salvaging Volumes</A
-></H1
-><P
->An unexpected interruption while the Volume Server or File Server is manipulating the data in a volume can leave the
- volume in an intermediate state (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->corrupted</I
-></SPAN
->), rather than just creating a discrepancy between the
- information in the VLDB and volume headers. For example, the failure of the operation that saves changes to a file (by
- overwriting old data with new) can leave the old and new data mixed together on the disk.</P
-><P
->If an operation halts because the Volume Server or File Server exits unexpectedly, the BOS Server automatically shuts down
- all components of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process and invokes the Salvager. The Salvager checks for and repairs
- any inconsistencies it can. Sometimes, however, there are symptoms of the following sort, which indicate corruption serious
- enough to create problems but not serious enough to cause the File Server component to fail. In these cases you can invoke the
- Salvager yourself by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> command. <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Symptom:</B
-></SPAN
-> A file appears in the output of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
->
- command, but attempts to access the file fail with messages indicating that it does not exist.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Possible cause:</B
-></SPAN
-> The Volume Server or File Server exited in the middle of a
- file-creation operation, after changing the directory structure, but before actually storing data. (Other possible causes
- are that the ACL on the directory does not grant the permissions you need to access the file, or there is a process,
- machine, or network outage. Check for these causes before assuming the file is corrupted.)</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Salvager's solution:</B
-></SPAN
-> Remove the file's entry from the directory structure.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Symptom:</B
-></SPAN
-> A volume is marked <SAMP
-CLASS="computeroutput"
->Off-line</SAMP
-> in the output
- from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> commands, or
- attempts to access the volume fail.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Possible cause:</B
-></SPAN
-> Two files or versions of a file are sharing the same disk blocks
- because of an interrupted operation. The File Server and Volume Server normally refuse to attach volumes that exhibit this
- type of corruption, because it can be very dangerous. If the Volume Server or File Server do attach the volume but are
- unsure of the status of the affected disk blocks, they sometimes try to write yet more data there. When they cannot
- perform the write, the data is lost. This effect can cascade, causing loss of all data on a partition.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Salvager's solution:</B
-></SPAN
-> Delete the data from the corrupted disk blocks in preference
- to losing an entire partition.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Symptom:</B
-></SPAN
-> There is less space available on the partition than you expect based on
- the size statistic reported for each volume by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> command.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Possible cause:</B
-></SPAN
-> There are orphaned files and directories. An
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->orphaned</I
-></SPAN
-> element is completely inaccessible because it is not referenced by any directory that can
- act as its parent (is higher in the file tree). An orphaned element is not counted in the calculation of a volume's size
- (or against its quota), even though it occupies space on the server partition.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Salvager's solution:</B
-></SPAN
-> By default, print a message to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file reporting how many orphans were found and the approximate number of
- kilobytes they are consuming. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-orphans</B
-></SPAN
-> argument to remove or attach
- orphaned elements instead. See <A
-HREF="c8420.html#HDRWQ233"
->To salvage volumes</A
->.</P
-></LI
-></UL
-></P
-><P
->When you notice symptoms such as these, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> command to invoke the
- Salvager before corruption spreads. (Even though it operates on volumes, the command belongs to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos</B
-></SPAN
-> suite because the BOS Server must coordinate the shutdown and restart of the Volume Server and File
- Server with the Salvager. It shuts them down before the Salvager starts, and automatically restarts them when the salvage
- operation finishes.)</P
-><P
->All of the AFS data stored on a file server machine is inaccessible during the salvage of one or more partitions. If you
- salvage just one volume, it alone is inaccessible.</P
-><P
->When processing one or more partitions, the command restores consistency to corrupted read/write volumes where possible.
- For read-only or backup volumes, it inspects only the volume header: <UL
-><LI
-><P
->If the volume header is corrupted, the Salvager removes the volume completely and records the removal in its log
- file, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
->. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command to create the read-only or backup volume again.</P
-></LI
-><LI
-><P
->If the volume header is intact, the Salvager skips the volume (does not check for corruption in the contents).
- However, if the File Server notices corruption as it initializes, it sometimes refuses to attach the volume or bring it
- online. In this case, it is simplest to remove the volume by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos zap</B
-></SPAN
-> command. Then issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command to create it again.</P
-></LI
-></UL
-></P
-><P
->Combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> command's arguments as indicated to salvage different numbers of
- volumes: <UL
-><LI
-><P
->To salvage all volumes on a file server machine, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument and
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag.</P
-></LI
-><LI
-><P
->To salvage all volumes on one partition, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments.</P
-></LI
-><LI
-><P
->To salvage only one read/write volume, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> arguments. Only that volume is
- inaccessible to Cache Managers, because the BOS Server does not shutdown the File Server and Volume Server processes
- during the salvage of a single volume. Do not name a read-only or backup volume with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument. Instead, remove the volume, using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
->
- or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos zap</B
-></SPAN
-> command. Then create a new copy of the volume with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command.</P
-></LI
-></UL
-></P
-><P
->The Salvager always writes a trace to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file on the file
- server machine where it runs. To record the trace in another file as well (either in AFS or on the local disk of the machine
- where you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> command), name the file with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument. Or, to display the trace on the standard output stream as it is written to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showlog</B
-></SPAN
-> flag.</P
-><P
->By default, multiple Salvager subprocesses run in parallel: one for each partition up to four, and four subprocesses for
- four or more partitions. To increase or decrease the number of subprocesses running in parallel, provide a positive integer
- value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-parallel</B
-></SPAN
-> argument.</P
-><P
->If there is more than one server partition on a physical disk, the Salvager by default salvages them serially to avoid the
- inefficiency of constantly moving the disk head from one partition to another. However, this strategy is often not ideal if the
- partitions are configured as logical volumes that span multiple disks. To force the Salvager to salvage logical volumes in
- parallel, provide the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> as the value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-parallel</B
-></SPAN
-> argument. Provide a positive integer to specify the number of subprocesses to run in parallel
- (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-parallel 5all</B
-></SPAN
-> for five subprocesses), or omit the integer to run up to four
- subprocesses, depending on the number of logical volumes being salvaged.</P
-><P
->The Salvager creates temporary files as it runs, by default writing them to the partition it is salvaging. The number of
- files can be quite large, and if the partition is too full to accommodate them, the Salvager terminates without completing the
- salvage operation (it always removes the temporary files before exiting). Other Salvager subprocesses running at the same time
- continue until they finish salvaging all other partitions where there is enough disk space for temporary files. To complete the
- interrupted salvage, reissue the command against the appropriate partitions, adding the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-tmpdir</B
-></SPAN
->
- argument to redirect the temporary files to a local disk directory that has enough space.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-orphans</B
-></SPAN
-> argument controls how the Salvager handles orphaned files and directories
- that it finds on server partitions it is salvaging. An orphaned element is completely inaccessible because it is not referenced
- by the vnode of any directory that can act as its parent (is higher in the filespace). Orphaned objects occupy space on the
- server partition, but do not count against the volume's quota.</P
-><P
->During the salvage, the output of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos status</B
-></SPAN
-> command reports the following auxiliary
- status for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> process:</P
-><PRE
-CLASS="programlisting"
-> Salvaging file system
-</PRE
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ233"
->To salvage volumes</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> command to salvage one or more volumes. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage -server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->salvage partition</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->salvage volume number or volume name</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> salvage log output file] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showlog</B
-></SPAN
->] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-parallel</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
-># of max parallel partition salvaging</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-tmpdir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory to place tmp files</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-orphans</B
-></SPAN
-> <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ignore</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->remove</B
-></SPAN
-> | <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->attach</B
-></SPAN
-> >]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to salvage volumes. This argument can be combined either with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument, or both the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> arguments.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Names a single partition on which to salvage all volumes. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->
- argument must be provided along with this one.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or volume ID number of one read/write volume to salvage. Combine this argument with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete pathname of a file into which to write a trace of the salvage operation, in addition
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file on the server machine. If the file pathname
- is local, the trace is written to the specified file on the local disk of the machine where the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos salvage</B
-></SPAN
-> command is issued. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-> argument is
- included, the file can be in AFS, though not in the volume being salvaged. Do not combine this argument with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showlog</B
-></SPAN
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-></DT
-><DD
-><P
->Salvages all volumes on all of the partitions on the machine named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-showlog</B
-></SPAN
-></DT
-><DD
-><P
->Displays the trace of the salvage operation on the standard output stream, as well as writing it to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-parallel</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the maximum number of Salvager subprocesses to run in parallel. Provide one of three values:
- <UL
-><LI
-><P
->An integer from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->32</B
-></SPAN
->. A
- value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> means that a single Salvager process salvages the partitions
- sequentially.</P
-></LI
-><LI
-><P
->The string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> to run up to four Salvager subprocesses in parallel on
- partitions formatted as logical volumes that span multiple physical disks. Use this value only with such
- logical volumes.</P
-></LI
-><LI
-><P
->The string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> followed immediately (with no intervening space) by an
- integer from the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->32</B
-></SPAN
->, to run the
- specified number of Salvager subprocesses in parallel on partitions formatted as logical volumes. Use this
- value only with such logical volumes.</P
-></LI
-></UL
-></P
-><P
->The BOS Server never starts more Salvager subprocesses than there are partitions, and always starts only one
- process to salvage a single volume. If this argument is omitted, up to four Salvager subprocesses run in
- parallel.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-tmpdir</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the full pathname of a local disk directory to which the Salvager process writes temporary files
- as it runs. By default, it writes them to the partition it is currently salvaging.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-orphans</B
-></SPAN
-></DT
-><DD
-><P
->Controls how the Salvager handles orphaned files and directories. Choose one of the following three values:
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ignore</B
-></SPAN
-></DT
-><DD
-><P
->Leaves the orphaned objects on the disk, but prints a message to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file reporting how many orphans were found and the
- approximate number of kilobytes they are consuming. This is the default if you omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-orphans</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->remove</B
-></SPAN
-></DT
-><DD
-><P
->Removes the orphaned objects, and prints a message to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/logs/SalvageLog</B
-></SPAN
-> file reporting how many orphans were removed and the
- approximate number of kilobytes they were consuming.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->attach</B
-></SPAN
-></DT
-><DD
-><P
->Attaches the orphaned objects by creating a reference to them in the vnode of the volume's root
- directory. Since each object's actual name is now lost, the Salvager assigns each one a name of the
- following form: <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->_ _ORPHANFILE_ _.</B
-></SPAN
-> index for files</TD
-></TR
-><TR
-><TD
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->_ _ORPHANDIR_ _.</B
-></SPAN
-> index for directories</TD
-></TR
-></TBODY
-></TABLE
-></P
-><P
->where index is a two-digit number that uniquely identifies each object. The orphans are charged
- against the volume's quota and appear in the output of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command
- issued against the volume's root directory.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
-></H1
-><P
->Every AFS volume has an associated quota which limits the volume's size. The default quota for a newly created volume is
- 5,000 kilobyte blocks (slightly less that 5 MB). When a volume reaches its quota, the File Server rejects attempts to create new
- files or directories in it. If an application is writing data into an existing file in a full volume, the File Server allows a
- defined overage (by default, 1 MB). (You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fileserver</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-spare</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-pctspare</B
-></SPAN
-> argument to change the default overage; see the
- command's reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
-> IBM AFS Administration Reference</I
-></SPAN
->.)</P
-><P
->To set a quota other than 5000 KB as you create a volume, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-maxquota</B
-></SPAN
-> argument
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos create</B
-></SPAN
-> command, as described in <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write
- Volumes</A
->. To modify an existing volume's quota, issue either the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setquota</B
-></SPAN
-> or the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> command as described in the following instructions. Do not set an existing volume's
- quota lower than its current size.</P
-><P
->In general, smaller volumes are easier to administer than larger ones. If you need to move volumes, say for load-balancing
- purposes, it is easier to find enough free space on other partitions for small volumes. Move operations complete more quickly
- for small volumes, reducing the potential for outages or other errors to interrupt the move. AFS supports a maximum volume size,
- which can vary for different AFS releases; see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
-> IBM AFS Release Notes</I
-></SPAN
-> for the version you are using.
- Also, the size of a partition or logical places an absolute limit on volume size, because a volume cannot span multiple
- partitions or logical volumes.</P
-><P
->It is generally safe to overpack partitions by putting more volumes on them than can actually fit if all the volumes reach
- their maximum quota. However, only experience determines to what degree overpacking works in your cell. It depends on what kind
- of quota you assign to volumes (particularly user volumes, which are more likely than system volumes to grow unpredictably) and
- how much information people generate and store in comparison to their quota.</P
-><P
->There are several commands that display a volume's quota, as described in the following instructions. They differ in how
- much related information they produce.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_250"
->To set quota for a single volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setquota</B
-></SPAN
-> command to set the volume's maximum quota. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setquota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-max</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->max quota in kbytes</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sq</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setquota</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a file or directory in the volume for which to set the indicated quota. Partial pathnames are
- interpreted relative to the current working directory, which is the default if you omit this argument.</P
-><P
->Specify the read/write path to the file or directory, to avoid the failure that results when you attempt to
- change a read-only volume. By convention, you indicate the read/write path by placing a period before the cell
- name at the pathname's second level (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/.abc.com</B
-></SPAN
->). For further
- discussion of the concept of read/write and read-only paths through the filespace, see <A
-HREF="c8420.html#HDRWQ209"
->The Rules of Mount Point Traversal</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->max quota in kbytes</B
-></SPAN
-></DT
-><DD
-><P
->Sets the volume's quota, expressed in kilobyte blocks ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1024</B
-></SPAN
-> equals a
- megabyte). A value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> grants an unlimited quota, but the size of the partition
- imposes an absolute limit. You must include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-max</B
-></SPAN
-> switch if omitting the
- dir/file path argument (to set the quota on the volume that houses the current working directory).</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_251"
->To set maximum quota on one or more volumes</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group. If necessary, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ587"
->To display
- the members of the system:administrators group</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership system:administrators</B
-></SPAN
->
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> command to set the quota on one or more volumes.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setvol</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-max</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->disk space quota in 1K units</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sv</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setvol</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names one file or directory that resides in each volume for which to set the indicated quota. Partial
- pathnames are interpreted relative to the current working directory, which is the default if you omit this
- argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->disk space quota in 1K units</B
-></SPAN
-></DT
-><DD
-><P
->Sets the maximum quota on each volume, expressed in kilobytes blocks ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1024</B
-></SPAN
->
- equals a megabyte). A value of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> grants an unlimited quota, but the size of the
- partition does impose an absolute limit.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_252"
->To display percent quota used</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->q</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->quota</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a directory or file in each volume for which to display percent quota used. Partial pathnames are
- interpreted relative to the current working directory, which is the default if you omit this argument.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->The following example illustrates the output produced by this command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota /afs/abc.com/usr/terry</B
-></SPAN
->
- 34% of quota used.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_253"
->To display quota, current size, and other information</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lq</B
-></SPAN
-></DT
-><DD
-><P
->Is an alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listquota</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a directory or file in each volume for which to display quota along with volume name and current space
- usage. Partial pathnames are interpreted relative to the current working directory, which is the default if you
- omit this argument.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->As illustrated in the following example, the output reports the volume's name, its quota and current size (both in
- kilobyte units), the percent quota used, and the percentage of space on the volume's host partition that is used.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota /afs/abc.com/usr/terry</B
-></SPAN
->
- Volume Name Quota Used % Used Partition
- user.terry 15000 5071 34% 86%
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_254"
->To display quota, current size, and more partition information</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>+]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exa</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->examine</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dir/file path</B
-></SPAN
-></DT
-><DD
-><P
->Names a directory or file in each volume for which to display quota information and information about the
- host partition. Partial pathnames are interpreted relative to the current working directory, which is the default
- if you omit this argument.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-><P
->As illustrated in the following example, the output displays the volume's volume ID number and name, its quota and
- current size (both in kilobyte units), and the free and total number of kilobyte blocks on the volume's host partition.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine /afs/abc.com/usr/terry</B
-></SPAN
->
- Volume status for vid = 50489902 named user.terry
- Current maximum quota is 15000
- Current blocks used are 5073
- The partition has 46383 blocks available out of 333305
-</PRE
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The partition-related statistics in this command's output do not always agree with the corresponding values in the
- output of the standard UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->df</B
-></SPAN
-> command. The statistics reported by this command can be up
- to five minutes old, because the Cache Manager polls the File Server for partition information at that frequency. Also, on
- some operating systems, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->df</B
-></SPAN
-> command's report of partition size includes reserved space
- not included in this command's calculation, and so is likely to be about 10% larger.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ235"
->Removing Volumes and their Mount Points</A
-></H1
-><P
->To remove a volume from its site and its record from the VLDB, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
->
- command. Use it to remove any of the three types of volumes; the effect depends on the type. <UL
-><LI
-><P
-> If you indicate the read/write volume by specifying the volume's base name without a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension, the command removes both the
- read/write and associated backup volume from the partition that houses them. You do not need to provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments, because there can be only one
- read/write site. The site information is also removed from the VLDB entry, and the site count (reported by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> commands as <SAMP
-CLASS="computeroutput"
->number of
- sites</SAMP
->) decrements by one. The read/write and backup volume ID numbers no longer appear in the output from
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> commands, but they are
- preserved internally. Read-only sites, if any, are not affected, but cannot be changed unless a read/write site is again
- defined. The entire VLDB entry is removed if there are no read-only sites.</P
-><P
->If there are no read-only copies left, it is best to remove the volume's mount point to prevent attempts to access
- the volume's contents. Do not remove the mount point if copies of the read-only volume remain.</P
-></LI
-><LI
-><P
->If you indicate a read-only volume by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> extension on its
- name, it is removed from the partition that houses it, and the corresponding site information is removed from the VLDB
- entry. The site count reported by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- listvldb</B
-></SPAN
-> commands as <SAMP
-CLASS="computeroutput"
->number of sites</SAMP
-> decrements by one for each volume you
- remove.</P
-><P
->If there is more than one read-only site, you must include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument
- (and optionally <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument) to specify the site from which to remove the volume.
- If there is only one read-only site, the volume name is sufficient; if no read/write volume exists in this case, the
- entire VLDB entry is removed.</P
-><P
->It is not generally appropriate to remove the volume's mount point when removing a read-only volume, especially if
- the read/write version of the volume still exists. If the read/write version no longer exists, remove the mount point as
- described in Step <A
-HREF="c8420.html#LIWQ239"
->5</A
->of <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount
- it</A
->.</P
-></LI
-><LI
-><P
->If you indicate a backup volume by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
-> extension on its name, it
- is removed from the partition that houses it and its site information is removed from the VLDB entry. You do not need to
- provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments, because
- there can be only one backup site. The backup volume ID number no longer appears in the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command, but is preserved
- internally.</P
-><P
->In the standard configuration, there is a separate mount point for the backup version of a user volume. Remember to
- remove the mount point to prevent attempt to access the nonexistent volume's contents.</P
-></LI
-></UL
-></P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_256"
->Other Removal Commands</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> command is almost always the appropriate way to remove a volume, because
- it automatically removes a volume's VLDB entry and both the volume header and all data from the partition. If either the VLDB
- entry or volume header does not exist, it is sometimes necessary to use other commands that remove only the remaining element.
- Do not use these commands in the normal case when both the VLDB entry and the volume header exist, because by definition they
- create discrepancies between them. For details on the commands' syntax, see their reference pages in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
-> IBM AFS
- Administration Reference</I
-></SPAN
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos zap</B
-></SPAN
-> command removes a volume from its site by removing the volume header and
- volume data for which a VLDB entry no longer exists. You can tell a VLDB entry is missing if the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- listvol</B
-></SPAN
-> command displays the volume header but the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command cannot locate the VLDB entry. You must run this command to correct the
- discrepancy, because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
->
- commands never remove volume headers.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remsite</B
-></SPAN
-> command removes a read-only site definition from the VLDB without
- affecting the volume on the file server machine. Use this command when you have mistakenly issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos addsite</B
-></SPAN
-> command to define a read-only site, but have not yet issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- release</B
-></SPAN
-> command to release the volume to the site. If you have actually released a volume to the site, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> command instead.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos delentry</B
-></SPAN
-> command removes the entire VLDB entry that mentions the volume you
- specify. If versions of the volume actually exist on file server machines, they are not affected. This command is useful if
- you know for certain that a volume removal was not recorded in the VLDB (perhaps you used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos
- zap</B
-></SPAN
-> command during an emergency), and do not want to take the time to resynchronize the entire VLDB with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncvldb</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos syncserv</B
-></SPAN
-> commands.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ236"
->To remove a volume and unmount it</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->If removing the volume's mount point, verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->) permission on its parent directory's ACL. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><A
-NAME="LIWQ237"
-></A
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Dump the volume to a file or to tape, in case you want to restore it
- later. To copy the volume's contents to a file, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command as instructed in
- <A
-HREF="c8420.html#HDRWQ240"
->Dumping and Restoring Volumes</A
->. You can then copy the file to tape using a third-party
- backup utility or an archiving utility such as the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tar</B
-></SPAN
-> command.</P
-><P
->Alternatively, use the AFS Backup System to create a tape copy. In this case, it can be convenient to create a
- temporary volume set that includes only the volume of interest. Temporary volume sets are not recorded in the Backup
- Database, and so do not clutter database with records for volume sets that you use only once. For instructions, see <A
-HREF="c15383.html#HDRWQ301"
->To create a dump</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ238"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> command to remove the volume. If
- removing a read-only volume from multiple sites, repeat the command for each one. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos remove</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> machine name>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->partition name</VAR
->>] \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->remo</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->remove</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine on which the volume resides. It is necessary only when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument names a read-only volume that exists at multiple sites.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the partition on machine name where the volume resides. It is necessary only when the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument names a read-only volume that exists at multiple sites. Provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> argument along with this one.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the volume to remove, either by its complete name or volume ID number. If identifying a read-only
- or backup volume by name, include the appropriate extension ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
->).</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ239"
-></A
->If you are removing the last existing version of the volume, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command remove the corresponding mount point. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->.</P
-><P
->If you are removing a backup volume that is mounted in the conventional way (at a subdirectory of its read/write
- volume's root directory), then removing the source volume's mount point in this step is sufficient to remove the backup
- volume's mount point. If you mounted the backup at a completely separate directory, you need to repeat this step for the
- backup volume's mount point.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> If you created a dump file in Step <A
-HREF="c8420.html#LIWQ237"
->3</A
->,
- transfer it to tape. The preferred method is to use the AFS Backup System, which is described in <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
->and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS
- Data</A
->.</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ240"
->Dumping and Restoring Volumes</A
-></H1
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Dumping</I
-></SPAN
-> a volume with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command converts its contents
- into ASCII format and writes them to the file you specify. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> command places a
- dump file's contents into a volume after converting them into the volume format appropriate for the indicated file server
- machine.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_259"
->About Dumping Volumes</A
-></H2
-><P
->Dumping a volume can be useful in several situations, including the following: <UL
-><LI
-><P
->You want to back it up to tape, perhaps by using a third-party backup utility. To facilitate this type of backup
- operation, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command can write to a named pipe. To learn about using the AFS
- Backup System instead, see <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
->and <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
->.</P
-></LI
-><LI
-><P
->You are removing the volume from your cell (perhaps because its owner is leaving your cell). The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command enables you to create a copy for safekeeping without incurring the overhead of
- the Backup System. For complete instructions on removing a volume, see <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and
- their Mount Points</A
->.</P
-></LI
-><LI
-><P
->You want to create a copy of the volume for safekeeping on a non-AFS server partition, perhaps while you move the
- actual volume to another machine or perform maintenance tasks on the partition that houses the volume.</P
-></LI
-><LI
-><P
->You need to replace a corrupted read/write volume. If an uncorrupted read-only or backup version of the volume
- exists, dump it and restore the data into the read/write volume, overwriting the corrupted contents.</P
-></LI
-><LI
-><P
->You want to copy or transfer the contents of the volume to another cell. You cannot use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos move</B
-></SPAN
-> command, because AFS supports volume moves only between file server machines that belong
- to the same cell.</P
-></LI
-><LI
-><P
->You want to have another read/write copy of the volume's contents. The second volume must have a different name
- than the original one. If you want the contents of the two volumes to remain identical, you must update them both
- manually. AFS provides no facility for keeping read/write volumes synchronized in this way.</P
-></LI
-><LI
-><P
->You want a copy of only the files and directories in the volume with modification time stamps after a certain
- date. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command can create an incremental dump file as described in Step
- <A
-HREF="c8420.html#LIWQ241"
->3</A
->of the following instructions.</P
-></LI
-></UL
-></P
-><P
->You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command to create a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->full dump</I
-></SPAN
->, which
- contains the complete contents of the volume at the time you issue the command, or an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->incremental dump</I
-></SPAN
->,
- which contains only those files and directories with modification timestamps (as displayed by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls
- -l</B
-></SPAN
-> command) that are later than a date and time you specify. See Step <A
-HREF="c8420.html#LIWQ241"
->3</A
->of the
- following instructions.</P
-><P
->Dumping a volume does not change its VLDB entry or permanently affect its status on the file server machine, but the
- volume's contents are inaccessible during the dump operation. To avoid interrupting access to the volume, it is generally best
- to dump the volume's backup version, just after using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backupsys</B
-></SPAN
-> command to create a new backup version.</P
-><P
->If you do not provide a filename into which to write the dump, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command
- directs the output to the standard output stream. You can pipe it directly to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
->
- command if you wish.</P
-><P
->Because a volume dump file is in ASCII format, you can read its contents using a text editor or a command such as the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cat</B
-></SPAN
-> command. However, dump files sometimes contain special characters that do not have
- alphanumeric correlates, which can cause problems for some display programs.</P
-><P
->By default, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos</B
-></SPAN
-> command interpreter consults the Volume Location Database (VLDB) to
- learn the volume's location, so the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->
- arguments are not required. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument identifies a read-only volume that resides at
- multiple sites, then the command dumps the version from just one of them (normally, the one listed first in the volume's VLDB
- entry as reported by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
->
- command). To dump the read-only volume from a particular site, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments to specify the site. To bypass the VLDB lookup entirely, provide a volume ID
- number (rather than a volume name) as the value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> argument, along with the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments. This makes it possible to
- dump a volume for which there is no VLDB entry.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_260"
->To dump a volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify that you have the permissions necessary to create the dump file. If placing it in AFS, you must have the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) permission on the ACL of the file's
- directory. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ241"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command to dump the volume.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump -id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-time</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dump from time</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->arg</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->server</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->partition</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the volume to be dumped by its complete name or volume ID number. If you want to dump the
- read-only or backup version, specify its volume ID number or add the appropriate extension ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.readonly</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.backup</B
-></SPAN
->) to the name.</P
-><P
->To bypass the normal VLDB lookup of the volume's location, provide the volume ID number and combine this
- argument with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
->
- arguments.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-time</B
-></SPAN
-></DT
-><DD
-><P
->Specifies whether the dump is full or incremental. Omit this argument to create a full dump, or provide one
- of three acceptable values: <UL
-><LI
-><P
->The value <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
->(zero) to create a full dump.</P
-></LI
-><LI
-><P
->A date in the format mm <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
-> dd <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
-> yyyy
- (month, day and year) to create an incremental dump that includes only files and directories with
- modification timestamps later than midnight (12:00 a.m.) on the indicated date. Valid values for the year
- range from <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->1970</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->2037</B
-></SPAN
->; higher values are
- not valid because the latest possible date in the standard UNIX representation is in 2038. The command
- interpreter automatically reduces later dates to the maximum value. An example is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->01/13/1999</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->A date and time in the format <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"</B
-></SPAN
-> mm <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->
- dd <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
-> yyyy hh <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
-> MM <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"</B
-></SPAN
-> to create an incremental dump that includes only files and directories with
- modification timestamps later than the specified date and time. The date format is the same as for a date
- alone. Express the time as hours and minutes (hh:MM) in 24-hour format (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->20:30</B
-></SPAN
-> is 8:30 p.m.). Surround the entire expression with double quotes (" ") because
- it contains a space. An example is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"01/13/1999 22:30"</B
-></SPAN
->.</P
-></LI
-></UL
-></P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the pathname of the file to which to write the dump. The file can be in AFS, but not in the volume
- being dumped. A partial pathname is interpreted relative to the current working directory. Omit this argument to
- direct the dump to the standard output stream.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the file server machine on which the volume resides. Provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> argument along with this one.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the partition on which the volume resides. Provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
->
- argument along with this one.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_261"
->About Restoring Volumes</A
-></H2
-><P
->Although you can dump any of the three types of volumes (read/write, read-only, or backup), you can restore a dump file
- to the file system only as a read/write volume, using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> command. The command
- automatically translates the dump file's contents from ASCII back into the volume format appropriate for the file server
- machine that stores the restored version. As with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos dump</B
-></SPAN
-> command, you can restore a
- dump file via a named pipe, which facilitates interoperation with third-party backup utilities.</P
-><P
->You can restore the contents of a dump file in one of two basic ways. In either case, you must restore a full dump of
- the volume before restoring any incremental dumps. Any incremental dumps that you then restore must have been created after
- the full dump. If there is more than one incremental dump, you must restore them in the order they were created. <UL
-><LI
-><P
->You can restore volume data into a brand new volume with a new name and at a location that you specify. See <A
-HREF="c8420.html#HDRWQ242"
->To restore a dump into a new volume and mount it</A
->.</P
-><P
->You can assign a volume ID number as you restore the volume, though it is best to have the Volume Server allocate
- a volume number automatically. The most common reason for specifying the volume ID is that a volume's VLDB entry has
- disappeared for some reason, but you know the former read/write volume ID number and want to reuse it.</P
-></LI
-><LI
-><P
->You can restore volume data into an existing volume (usually the one that was previously dumped), overwriting its
- current contents. This is convenient if the current contents are corrupted or otherwise incorrect, because it allows you
- to replace them with a coherent version from the past or from one of the volume's clones. See <A
-HREF="c8420.html#HDRWQ244"
->To restore a dump file, overwriting an existing volume</A
->.</P
-><P
->Provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> argument to preconfirm that you wish to overwrite the
- volume's contents, and to specify whether you are restoring a full or incremental dump. If you omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> argument, the Volume Server generates the following prompt to confirm that you want to
- overwrite the existing volume with either a full ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->f</B
-></SPAN
->) or incremental ( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->) dump:</P
-><PRE
-CLASS="programlisting"
-> Do you want to do a full/incremental restore or abort? [fia](a):
-</PRE
-><P
->If you pipe in the dump file via the standard input stream instead of using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> argument to name it, you must include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
->
- argument because there is nowhere for the Volume Server to display the prompt in this case.</P
-><P
->You can move the volume to a new site as you overwrite it with a full dump, by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-server</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-partition</B
-></SPAN
-> arguments to specify the new site. You
- cannot move the volume when restoring an incremental dump.</P
-></LI
-></UL
-></P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> command sets the restored volume's creation date in the volume header
- to the time of the restore operation, as reported in the <SAMP
-CLASS="computeroutput"
->Creation</SAMP
-> field in the output from
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos examine</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvol</B
-></SPAN
-> commands.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ242"
->To restore a dump into a new volume and mount it</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify that you have permissions needed to read the dump file and to mount the new volume. If the dump file resides
- in AFS, you need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission on the ACL of
- its directory. You need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permissions on the ACL of the directory where you
- are mounting the new volume. If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully
- described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
->Select a site (disk partition on a file server machine) for the new volume. If your cell groups different types of
- volumes onto different file server machines, that can guide your decision. It often makes sense to put the volume on the
- emptiest partition that meets your other criteria. To display how much space is available on a file server machine's
- partitions, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-> command, which is described fully in <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos partinfo</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> [<<VAR
-CLASS="replaceable"
->partition name</VAR
->>]
-</PRE
-></P
-></LI
-><LI
-><P
-><A
-NAME="LIWQ243"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> command to create a new volume and
- restore the dump file into it. Type it on a single line; it appears on multiple lines here only for legibility.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> \
- <<VAR
-CLASS="replaceable"
->name of volume to be restored</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dump file</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume ID</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restore</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine on which to create the new volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition on which to create the new volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of volume to be restored</B
-></SPAN
-></DT
-><DD
-><P
->Names the new read/write volume, which must not already have a VLDB entry. It can be up to 22 characters in
- length.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Is the dump file to restore. Partial pathnames are interpreted with respect to the current working
- directory. Omit this argument if using a pipe to read in the dump file from the standard input stream.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-volume</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the new volume's ID number. It is appropriate only if you are restoring a volume that no longer
- exists and want to use the volume ID number it had previously.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> command to mount the new volume, making its contents
- accessible. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->(Optional)</B
-></SPAN
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> command to verify
- that the mount point refers to the correct volume. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ211"
->To display a
- mount point</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lsmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ244"
->To restore a dump file, overwriting an existing volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify that you have permissions needed to read the dump file. If it resides in AFS, you need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission on the ACL of its directory. If necessary,
- issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
->Restore the contents of the dump file into a read/write volume, overwriting the current contents. The volume retains
- its current volume ID number. Type it on a single line; it appears on multiple lines here only for legibility.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos restore</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->> <<VAR
-CLASS="replaceable"
->partition name</VAR
->> \
- <<VAR
-CLASS="replaceable"
->name of volume to be restored</VAR
->> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dump file</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume ID</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->res</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->restore</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Names the file server machine where the volume already exists, or the machine to which to move it. In the
- latter case, the value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> argument must be <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->full</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Names the partition where the volume already exists, or the partition to which to move it. In the latter
- case, the value for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> argument must be <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->full</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->name of volume to be restored</B
-></SPAN
-></DT
-><DD
-><P
->Names the read/write volume to overwrite with the contents of the dump file.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-file</B
-></SPAN
-></DT
-><DD
-><P
->Is the dump file to restore. Partial pathnames are interpreted with respect to the current working
- directory. Omit this argument if using a pipe to read in the dump file from the standard input stream; in this
- case, you must provide the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-overwrite</B
-></SPAN
-></DT
-><DD
-><P
->Preconfirms that you want to overwrite the existing volume and specifies which type of dump file you are
- restoring. Provide one of the following values: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->f</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->full</B
-></SPAN
-> if restoring a full dump
- file</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->incremental</B
-></SPAN
-> if restoring an
- incremental dump file. This value is not acceptable if you are moving the volume while restoring it.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> to terminate the restore operation</P
-></LI
-></UL
-></P
-></DD
-></DL
-></DIV
-></P
-></LI
-><LI
-><P
->If the volume is replicated, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> command to release the newly
- restored contents to read-only sites. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes
- (Creating Read-only Volumes)</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos release</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> command to create a new backup version of the volume. Complete
- instructions appear in <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos backup</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ245"
->Renaming Volumes</A
-></H1
-><P
->You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-> command to rename a volume. For example, it is appropriate to
- rename a user's home volume if you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
-> username convention for user volume names and
- you change the username. (For complete instructions for changing usernames, see <A
-HREF="c27596.html#HDRWQ518"
->Changing
- Usernames</A
->.)</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-> command accepts only read/write volume names, but automatically changes
- the names of the associated read-only and backup volumes. As directed in the following instructions, you need to replace the
- volume's current mount point with a new one that reflects the name change.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ246"
->To rename a volume</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Verify that you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) access permissions for the directory in which you are replacing the volume's mount point.
- If necessary, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, which is fully described in <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>]
-</PRE
-></P
-><P
->Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group always implicitly have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) and by default also the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->( <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on every ACL and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant other rights as necessary.</P
-></LI
-><LI
-><P
-><A
-NAME="LIVOL-REN"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-> command to rename the volume.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old volume name</VAR
->> <<VAR
-CLASS="replaceable"
->new volume name</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ren</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rename</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->old volume name</B
-></SPAN
-></DT
-><DD
-><P
->Is the current name of a read/write volume.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->new volume name</B
-></SPAN
-></DT
-><DD
-><P
->Is the new name for the volume. It cannot be more than 22 characters in length.</P
-></DD
-></DL
-></DIV
-></P
-><P
->If there is no Volume Location Database (VLDB) entry for the specified current volume name, the command fails with
- the following error message:</P
-><PRE
-CLASS="programlisting"
-> vos: Could not find entry for volume old_volume_name.
-</PRE
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> command to remove the mount point that refers to the volume's
- old name. Complete instructions appear in <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs rmmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> to create a mount point that indicates the volume's new name.
- Complete instructions appear in <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs mkmount</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <<VAR
-CLASS="replaceable"
->volume name</VAR
->> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-rw</B
-></SPAN
->]
-</PRE
-></P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ247"
->Unlocking and Locking VLDB Entries</A
-></H1
-><P
->As detailed in <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->, The Volume Location (VL) Server
- locks the Volume Location Database (VLDB) entry for a volume before the Volume Server executes any operation on it. No other
- operation can affect a volume with a locked VLDB entry, so the lock prevents the inconsistency or corruption that can result
- from multiple simultaneous operations on a volume.</P
-><P
->To verify that a VLDB entry is locked, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos listvldb</B
-></SPAN
-> command as described in
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->. The command has a <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-locked</B
-></SPAN
-> flag that
- displays locked entries only. If the VLDB entry is locked, the string <SAMP
-CLASS="computeroutput"
->Volume is currently
- LOCKED</SAMP
-> appears on the last line of the volume's output.</P
-><P
->To lock a VLDB entry yourself, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos lock</B
-></SPAN
-> command. This is useful when you suspect
- something is wrong with a volume and you want to prevent any changes to it while you are investigating the problem.</P
-><P
->To unlock a locked VLDB entry, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlock</B
-></SPAN
-> command, which unlocks a single VLDB
- entry, or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlockvldb</B
-></SPAN
-> command, which unlocks potentially many entries. This is useful
- when a volume operation fails prematurely and leaves a VLDB entry locked, preventing you from acting to correct the problems
- resulting from the failure.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_267"
->To lock a VLDB entry</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos lock</B
-></SPAN
-> to lock the entry. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos lock</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lo</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lock</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the volume to be locked, either by its complete name or volume ID number. It can be any of the
- three versions of the volume.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_268"
->To unlock a single VLDB entry</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlock</B
-></SPAN
-> command to unlock the entry. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlock</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->volume name or ID</VAR
->>
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlock</B
-></SPAN
-></DT
-><DD
-><P
->Must be typed in full.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->volume name or ID</B
-></SPAN
-></DT
-><DD
-><P
->Identifies the volume to be unlocked, either by its complete name or volume ID number. It can be any of the
- three versions of the volume.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_269"
->To unlock multiple VLDB entries</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Verify that you are listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/afs/etc/UserList</B
-></SPAN
-> file. If necessary, issue
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> command, which is fully described in <A
-HREF="c32432.html#HDRWQ593"
->To
- display the users in the UserList file</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bos listusers</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->machine name</VAR
->>
-</PRE
-></P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlockvldb</B
-></SPAN
-> command to unlock the desired entries. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->vos unlockvldb</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->machine name</VAR
->>] [<<VAR
-CLASS="replaceable"
->partition name</VAR
->>]
-</PRE
-></P
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlockv</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlockvldb</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->machine name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a file server machine. Provide this argument alone to unlock all VLDB entries that mention the
- machine in a site definition. Omit both this argument and the partition name argument to unlock all VLDB
- entries.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->partition name</B
-></SPAN
-></DT
-><DD
-><P
->Specifies a partition. Provide this argument alone to unlock all VLDB entries that mention the partition (on
- any machine) in a site definition. Omit both this argument and the machine name argument to unlock all VLDB
- entries.</P
-></DD
-></DL
-></DIV
-></P
-></LI
-></OL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c6449.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c12776.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Monitoring and Controlling Server Processes</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="p3023.html"
-ACCESSKEY="U"
->Up</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Configuring the AFS Backup System</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->About This Guide</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="NEXT"
-TITLE="Concepts and Configuration Issues"
-HREF="p128.html"></HEAD
-><BODY
-CLASS="preface"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="book1.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="p128.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="preface"
-><H1
-><A
-NAME="Header_3"
-></A
->About This Guide</H1
-><P
->This section describes the purpose, organization, and conventions of this document.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ1"
->Audience and Purpose</A
-></H1
-><P
->This guide describes the concepts and procedures that an AFS(R) system administrator needs to know. It assumes familiarity
- with UNIX(R) administration, but no previous knowledge of AFS.</P
-><P
->This document describes AFS commands in the context of specific tasks. Thus, it does not describe all commands in detail.
- Refer to the IBM AFS Administration Reference for detailed command descriptions.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ2"
->Document Organization</A
-></H1
-><P
->This document groups AFS administrative tasks into the following conceptual sections: <UL
-><LI
-><P
->Concepts and Configuration Issues</P
-></LI
-><LI
-><P
->Managing File Server Machines</P
-></LI
-><LI
-><P
->Managing Client Machines</P
-></LI
-><LI
-><P
->Managing Users and Groups</P
-></LI
-></UL
-></P
-><P
->The individual chapters in each section contain the following: <UL
-><LI
-><P
->A chapter overview</P
-></LI
-><LI
-><P
->A quick reference list of the tasks and commands described in the chapter</P
-></LI
-><LI
-><P
->An introduction to concepts that pertain to all of the tasks described in the chapter</P
-></LI
-><LI
-><P
->A set of sections devoted to specific tasks. Each section begins with a discussion of concepts specific to that
- task, followed by step-by-step instructions for performing the task. The instructions are as specific as has been judged
- practical. If two related procedures differ from one another in important details, separate sets of instructions are
- usually provided.</P
-></LI
-></UL
-></P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ3"
->How to Use This Document</A
-></H1
-><P
->When you need to perform a specific administrative task, follow these steps:
-
- <OL
-TYPE="1"
-><LI
-><P
->Determine if the task concerns file server machines, client machines, or users and groups. Turn to the appropriate
- section in this document and then to the appropriate chapter.</P
-></LI
-><LI
-><P
->Read or review the general introductory material at the beginning of the chapter.</P
-></LI
-><LI
-><P
->Read or review the introductory material concerning the specific task you wish to perform.</P
-></LI
-><LI
-><P
->Follow the step-by-step instructions for the task.</P
-></LI
-><LI
-><P
->If necessary, refer to the IBM AFS Administration Reference for more detailed information about the commands.</P
-></LI
-></OL
->
-</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ4"
->Related Documents</A
-></H1
-><P
->The following documents are also included in the AFS documentation set.
-
- <DIV
-CLASS="variablelist"
-><DL
-><DT
->IBM AFS Administration Reference</DT
-><DD
-><P
->This reference manual details the syntax and effect of each AFS command. It is intended for the experienced AFS
- administrator, programmer, or user. The IBM AFS Administration Reference lists AFS files and commands in alphabetical
- order. The reference page for each command specifies its syntax, including the acceptable aliases and abbreviations. It
- then describes the command's function, arguments, and output if any. Examples and a list of related commands are provided,
- as are warnings where appropriate.</P
-><P
->This manual complements the IBM AFS Administration Guide: it does not include procedural information, but describes
- commands in more detail than the IBM AFS Administration Guide.</P
-></DD
-><DT
->IBM AFS Quick Beginnings</DT
-><DD
-><P
->This guide provides instructions for installing AFS server and client machines. It is assumed that the installer is
- an experienced UNIX(R) system administrator.</P
-><P
->For predictable performance, machines must be installed and configured in accordance with the instructions in this
- guide.</P
-></DD
-><DT
->IBM AFS Release Notes</DT
-><DD
-><P
->This document provides information specific to each release of AFS, such as a list of new features and commands, a
- list of requirements and limitations, and instructions for upgrading server and client machines.</P
-></DD
-><DT
->IBM AFS User Guide</DT
-><DD
-><P
->This guide presents the basic concepts and procedures necessary for using AFS effectively. It assumes that the
- reader has some experience with UNIX, but does not require familiarity with networking or AFS.</P
-><P
->The guide explains how to perform basic functions, including authenticating, changing a password, protecting AFS
- data, creating groups, and troubleshooting. It provides illustrative examples for each function and describes some of the
- differences between the UNIX file system and AFS.</P
-></DD
-></DL
-></DIV
->
-</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRTYPO_CONV"
->Typographical Conventions</A
-></H1
-><P
->This document uses the following typographical conventions:
-
- <UL
-><LI
-><P
->Command and option names appear in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bold type</B
-></SPAN
-> in syntax definitions, examples, and
- running text. Names of directories, files, machines, partitions, volumes, and users also appear in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bold type</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Variable information appears in <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->italic type</I
-></SPAN
->. This includes user-supplied information on command
- lines and the parts of prompts that differ depending on who issues the command. New terms also appear in <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->italic
- type</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->Examples of screen output and file contents appear in <SAMP
-CLASS="computeroutput"
->monospace type</SAMP
->.</P
-></LI
-></UL
->
-</P
-><P
->In addition, the following symbols appear in command syntax definitions, both in the documentation and in AFS online help
- statements. When issuing a command, do not type these symbols. <UL
-><LI
-><P
->Square brackets <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[ ]</B
-></SPAN
-> surround optional items.</P
-></LI
-><LI
-><P
->Angle brackets <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->< ></B
-></SPAN
-> surround user-supplied values in AFS commands.</P
-></LI
-><LI
-><P
->A superscripted plus sign <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->+</B
-></SPAN
-> follows an argument that accepts more than one
- value.</P
-></LI
-><LI
-><P
->The percent sign <SAMP
-CLASS="computeroutput"
->%</SAMP
-> represents the regular command shell prompt. Some operating systems possibly use a different
- character for this prompt.</P
-></LI
-><LI
-><P
->The number sign <SAMP
-CLASS="computeroutput"
->#</SAMP
-> represents the command shell prompt for the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->.
- Some operating systems possibly use a different character for this prompt.</P
-></LI
-><LI
-><P
->The pipe symbol <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->|</B
-></SPAN
-> in a command syntax statement separates mutually exclusive values
- for an argument.</P
-></LI
-></UL
-></P
-><P
->For additional information on AFS commands, including a description of command string components, acceptable abbreviations
- and aliases, and how to get online help for commands, see <A
-HREF="a33826.html"
->Appendix B, Using AFS
- Commands</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="p128.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->AFS Administration Guide</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Concepts and Configuration Issues</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Index</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="AIX Audit Events"
-HREF="a35965.html"></HEAD
-><BODY
-CLASS="index"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="a35965.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-> </TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="index"
-><H1
-><A
-NAME="AEN37012"
-></A
->Index</H1
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN37013"
->A</A
-></H2
-><DL
-><DT
->a ACL permission,
- <A
-HREF="c31274.html#HDRWQ568"
->The Four Directory Permissions</A
->
- </DT
-><DT
->A instruction
- </DT
-><DD
-><DL
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ477"
->Creating Links with the L and S Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->access
- </DT
-><DD
-><DL
-><DT
->see ACL</DT
-><DT
->count, in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->permissions on ACL (see entries: permissions on ACL, ACL),
- <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->
- </DT
-><DT
->transparent (AFS feature),
- <A
-HREF="c130.html#HDRWQ12"
->The Uniform Namespace and Transparent Access</A
->
- </DT
-></DL
-></DD
-><DT
->ACL
- </DT
-><DD
-><DL
-><DT
->adding entries,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->auxiliary permissions,
- <A
-HREF="c31274.html#Header_635"
->The Eight Auxiliary Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cleaning,
- <A
-HREF="c31274.html#Header_647"
->To copy an ACL between directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->clearing,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->compared to UNIX protection,
- <A
-HREF="c31274.html#HDRWQ566"
->Differences Between UFS and AFS Data Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copying between directories,
- <A
-HREF="c31274.html#HDRWQ577"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->default on new volume,
- <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->editing entries,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->foreign users on,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group entries, usefulness,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->normal vs. negative permissions,
- <A
-HREF="c31274.html#HDRWQ570"
->Using Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->permissions defined,
- <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing entries,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing obsolete AFS IDs,
- <A
-HREF="c31274.html#Header_647"
->To copy an ACL between directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->replacing all entries,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting entries,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting for directory with uss,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting on user home directory with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shorthand notation for grouping permissions,
- <A
-HREF="c31274.html#Header_636"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system groups on,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->active
- </DT
-><DD
-><DL
-><DT
->clients statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->state of fstrace event set,
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->adding
- </DT
-><DD
-><DL
-><DT
->ACL entry
- </DT
-><DD
-><DL
-><DT
->negative permissions,
- <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->
- </DT
-><DT
->normal permissions,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-></DL
-></DD
-><DT
->ADMIN flag to Authentication Database entry,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (server) entry for database server machine,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database server machine
- </DT
-><DD
-><DL
-><DT
->to client CellServDB file and kernel memory,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DT
->to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-></DL
-></DD
-><DT
->disk to file server machine,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->members to groups,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read-only site definition in VLDB,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key to KeyFile file,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system:administrators group members,
- <A
-HREF="c32432.html#Header_657"
->To add users to the system:administrators group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UserList file users,
- <A
-HREF="c32432.html#HDRWQ594"
->To add users to the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ADMIN flag in Authentication Database entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privileges resulting,
- <A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting or removing,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->administer ACL permission
- </DT
-><DD
-><DL
-><DT
->see a ACL permission</DT
-></DL
-></DD
-><DT
->administering
- </DT
-><DD
-><DL
-><DT
->server machine,
- <A
-HREF="c3025.html"
->Administering Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->user accounts,
- <A
-HREF="c27596.html"
->Administering User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->administrative database
- </DT
-><DD
-><DL
-><DT
->about replicating,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backing up,
- <A
-HREF="c3025.html#HDRWQ107"
->Backing Up and Restoring the Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoring,
- <A
-HREF="c3025.html#HDRWQ108"
->To back up the administrative databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->administrative privilege
- </DT
-><DD
-><DL
-><DT
->three types,
- <A
-HREF="c32432.html#HDRWQ584"
->An Overview of Administrative Privilege</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AFS
- </DT
-><DD
-><DL
-><DT
->see AFS UID</DT
-><DT
->auditing events on AIX server machines,
- <A
-HREF="c18360.html#HDRWQ354"
->Auditing AFS Events on AIX File Servers</A
->
- </DT
-><DT
->authentication separate from UNIX,
- <A
-HREF="c667.html#HDRWQ62"
->The Two Types of User-Defined Groups</A
->
- </DT
-><DT
->differences from UNIX summarized,
- <A
-HREF="c667.html"
->Issues in Cell Configuration and Administration</A
->
- </DT
-><DT
->global namespace,
- <A
-HREF="c667.html#HDRWQ35"
->Why Choosing the Appropriate Cell Name is Important</A
->
- </DT
-><DT
->initialization script,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DT
->reducing traffic in,
- <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->
- </DT
-><DT
->root directory (/afs)
- </DT
-><DT
->in cell filespace,
- <A
-HREF="c667.html#HDRWQ41"
->Configuring Your AFS Filespace</A
->
- </DT
-><DT
->on client machine,
- <A
-HREF="c667.html#HDRWQ36"
->Participating in the AFS Global Namespace</A
->
- </DT
-><DT
->security features,
- <A
-HREF="c667.html#HDRWQ72"
->Some Important Security Features</A
->
- </DT
-><DT
->server encryption key
- </DT
-><DT
->see server encryption key</DT
-><DT
->server processes used in,
- <A
-HREF="c130.html#HDRWQ17"
->AFS Server Processes and the Cache Manager</A
->
- </DT
-></DL
-></DD
-><DT
->afs entry in Authentication Database
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting server encryption key,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AFS GID
- </DT
-><DD
-><DL
-><DT
->counter for automatic allocation, displaying and setting,
- <A
-HREF="c29323.html#Header_624"
->To set a Protection Database entry's privacy flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->for all groups in Protection Database,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DT
->for one group,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-></DL
-></DD
-><DT
->removing obsolete from ACL,
- <A
-HREF="c31274.html#Header_647"
->To copy an ACL between directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AFS UID
- </DT
-><DD
-><DL
-><DT
->assigning
- </DT
-><DD
-><DL
-><DT
->with pts createuser command,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->counter for automatic allocation, displaying and setting,
- <A
-HREF="c29323.html#Header_624"
->To set a Protection Database entry's privacy flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->for all users and machines in Protection Database,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DT
->for one user or machine,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-></DL
-></DD
-><DT
->matching with UNIX UID,
- <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
->,
- <A
-HREF="c27596.html#HDRWQ494"
->The Components of an AFS User Account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing obsolete from ACL,
- <A
-HREF="c31274.html#Header_647"
->To copy an ACL between directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reserved
- </DT
-><DD
-><DL
-><DT
->anonymous user,
- <A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
->
- </DT
-><DT
->system-defined groups,
- <A
-HREF="c667.html#Header_75"
->The Three System Groups</A
->
- </DT
-></DL
-></DD
-><DT
->reusing, about,
- <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting counters for automatic allocation,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AFSCELL environment variable,
- <A
-HREF="c15383.html#HDRWQ287"
->Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A
->
- </DT
-><DT
->AFSCONF environment variable (NFS/AFS Translator),
- <A
-HREF="a33047.html#HDRWQ601"
->The AFSSERVER Variable</A
->
- </DT
-><DT
->afsd program,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DT
->afsmonitor program
- </DT
-><DD
-><DL
-><DT
->available statistics,
- <A
-HREF="a34149.html"
->The afsmonitor Program Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Cache Manager statistics,
- <A
-HREF="a34149.html#HDRWQ618"
->The Cache Manager Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->command syntax,
- <A
-HREF="c18360.html#HDRWQ352"
->Writing afsmonitor Statistics to a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating an output file,
- <A
-HREF="c18360.html#HDRWQ352"
->Writing afsmonitor Statistics to a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating configuration files for,
- <A
-HREF="c18360.html#HDRWQ351"
->Configuring the afsmonitor Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->features summarized,
- <A
-HREF="c18360.html#HDRWQ349"
->Using the afsmonitor Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file server statistics,
- <A
-HREF="a34149.html#HDRWQ619"
->The File Server Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->requirements for running,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->screen layout,
- <A
-HREF="c18360.html#Header_392"
->The afsmonitor Output Screens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting terminal type,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->stopping,
- <A
-HREF="c18360.html#Header_399"
->To stop the afsmonitor program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AFSSERVER environment variable (NFS/AFS Translator),
- <A
-HREF="a33047.html#HDRWQ600"
->Setting the AFSSERVER and AFSCONF Environment Variables</A
->
- </DT
-><DT
->afszcm.cat file,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DT
->AIX
- </DT
-><DD
-><DL
-><DT
->auditing AFS events
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c18360.html#HDRWQ354"
->Auditing AFS Events on AIX File Servers</A
->
- </DT
-></DL
-></DD
-><DT
->configuring tape device,
- <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->all shorthand for ACL permissions,
- <A
-HREF="c31274.html#Header_636"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DT
->all-or-nothing release of read-only volumes,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DT
->anonymous user
- </DT
-><DD
-><DL
-><DT
->AFS UID reserved,
- <A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identity assigned to unauthenticated user,
- <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->archiving
- </DT
-><DD
-><DL
-><DT
->tapes in Backup System,
- <A
-HREF="c12776.html#HDRWQ269"
->Archiving Tapes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ASK instruction in CFG_device_name file,
- <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
->
- </DT
-><DT
->assigning
- </DT
-><DD
-><DL
-><DT
->AFS GID to group,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID to machine,
- <A
-HREF="c29323.html#HDRWQ541"
->To display all Protection Database entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID to user,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID with uss,
- <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->asynchrony
- </DT
-><DD
-><DL
-><DT
->enabling for Cache Manager write operations,
- <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when AFS files saved on NFS clients,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->at-sys (@sys) variable in pathnames,
- <A
-HREF="c667.html#Header_66"
->Enabling Access to Foreign Cells</A
->
- </DT
-><DT
->auditing AFS events on AIX server machines,
- <A
-HREF="c18360.html#HDRWQ354"
->Auditing AFS Events on AIX File Servers</A
->
- </DT
-><DT
->authenticated identity
- </DT
-><DD
-><DL
-><DT
->acquiring with klog command,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->authentication
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_35"
->Differences in File and Directory Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS separate from UNIX,
- <A
-HREF="c667.html#HDRWQ62"
->The Two Types of User-Defined Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->compared to authorization checking,
- <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->consequences of multiple failures,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->improving security,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Authentication Database
- </DT
-><DD
-><DL
-><DT
->afs entry,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing username,
- <A
-HREF="c27596.html#HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->entry
- </DT
-><DD
-><DL
-><DT
->creating with kas create command,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-><DT
->deleting with uss,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DT
->removing,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-></DL
-></DD
-><DT
->password
- </DT
-><DD
-><DL
-><DT
->setting,
- <A
-HREF="c27596.html#Header_588"
->To prohibit reuse of passwords</A
->
- </DT
-></DL
-></DD
-><DT
->password lifetime, setting,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->,
- <A
-HREF="c27596.html#Header_586"
->To unlock a locked user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-></DL
-></DD
-><DT
->site for AFS server encryption key,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Authentication Server
- </DT
-><DD
-><DL
-><DT
->about starting and stopping,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as kaserver process,
- <A
-HREF="c6449.html#HDRWQ149"
->The kaserver Process: the Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ20"
->The Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log file,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after adding entry to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after removing entry from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runs on database server machine,
- <A
-HREF="c3025.html#HDRWQ91"
->Simple File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ149"
->The kaserver Process: the Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AuthLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->authorization checking
- </DT
-><DD
-><DL
-><DT
->and restarting processes,
- <A
-HREF="c3025.html#HDRWQ124"
->Authentication versus Authorization</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->compared to authentication,
- <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->controlling cell-wide,
- <A
-HREF="c3025.html#HDRWQ124"
->Authentication versus Authorization</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disabling,
- <A
-HREF="c3025.html#HDRWQ125"
->Controlling Authorization Checking on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->enabling,
- <A
-HREF="c3025.html#HDRWQ126"
->To disable authorization checking on a server machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->automatic
- </DT
-><DD
-><DL
-><DT
->process restarts by BOS Server,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->update to admin. databases by Ubik,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->automating
- </DT
-><DD
-><DL
-><DT
->creation of backup volumes,
- <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tape mounting and unmounting by Backup System,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->AUTOQUERY instruction in CFG_device_name file,
- <A
-HREF="c12776.html#Header_313"
->The Available Parameters and Required Exit Codes</A
->
- </DT
-><DT
->auxiliary ACL permissions,
- <A
-HREF="c31274.html#Header_635"
->The Eight Auxiliary Permissions</A
->
- </DT
-><DT
->availability of data
- </DT
-><DD
-><DL
-><DT
->interrupted by dumping,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN37405"
->B</A
-></H2
-><DL
-><DT
->B instruction
- </DT
-><DD
-><DL
-><DT
->package configuration file,
- <A
-HREF="c23832.html#HDRWQ433"
->Defining a Symbolic Link</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->backing up
- </DT
-><DD
-><DL
-><DT
->administrative databases,
- <A
-HREF="c3025.html#HDRWQ107"
->Backing Up and Restoring the Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Backup Database to tape,
- <A
-HREF="c15383.html#HDRWQ316"
->Maintaining the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data from AFS volumes,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->backup commands
- </DT
-><DD
-><DL
-><DT
->adddump,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->addhost,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->addvolentry,
- <A
-HREF="c12776.html#Header_291"
->To create a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->addvolset,
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dbverify,
- <A
-HREF="c15383.html#HDRWQ318"
->Checking for and Repairing Corruption in the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deldump,
- <A
-HREF="c12776.html#Header_301"
->To change a dump level's expiration date</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deletedump,
- <A
-HREF="c15383.html#HDRWQ321"
->Removing Obsolete Records from the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->delhost,
- <A
-HREF="c12776.html#Header_287"
->To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->delvolentry,
- <A
-HREF="c12776.html#Header_294"
->To delete a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->delvolset,
- <A
-HREF="c12776.html#HDRWQ266"
->To display volume sets and volume entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->diskrestore,
- <A
-HREF="c15383.html#HDRWQ310"
->Using the backup diskrestore Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump,
- <A
-HREF="c15383.html#HDRWQ301"
->To create a dump</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dumpinfo,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting privilege for,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->interactive mode
- </DT
-><DD
-><DL
-><DT
->entering,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DT
->exiting,
- <A
-HREF="c15383.html#Header_325"
->To enter interactive mode</A
->
- </DT
-></DL
-></DD
-><DT
->jobs,
- <A
-HREF="c15383.html#Header_326"
->To exit interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kill,
- <A
-HREF="c15383.html#HDRWQ289"
->To display pending or running jobs in interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->labeltape,
- <A
-HREF="c12776.html#Header_306"
->Recording a Capacity on the Label</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listdumps,
- <A
-HREF="c12776.html#Header_302"
->To delete a dump level from the dump hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listhosts,
- <A
-HREF="c12776.html#Header_288"
->To unconfigure a Tape Coordinator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listvolsets,
- <A
-HREF="c12776.html#Header_292"
->To add a volume entry to a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->quit,
- <A
-HREF="c15383.html#Header_325"
->To enter interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->readlabel,
- <A
-HREF="c12776.html#HDRWQ273"
->To label a tape</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoredb,
- <A
-HREF="c15383.html#HDRWQ320"
->To repair corruption in the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->savedb,
- <A
-HREF="c15383.html#HDRWQ319"
->To verify the integrity of the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scantape,
- <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setexp,
- <A
-HREF="c12776.html#Header_300"
->To add a dump level to the dump hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->status,
- <A
-HREF="c15383.html#Header_331"
->To stop a Tape Coordinator process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volinfo,
- <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volrestore,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volsetrestore,
- <A
-HREF="c15383.html#HDRWQ314"
->Restoring Volumes Listed in a File with the -file Argument</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Backup Database
- </DT
-><DD
-><DL
-><DT
->administering,
- <A
-HREF="c15383.html#HDRWQ315"
->To restore a group of volumes with the backup volsetrestore command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backing up,
- <A
-HREF="c15383.html#HDRWQ316"
->Maintaining the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->described,
- <A
-HREF="c12776.html#HDRWQ256"
->The Backup Database and Backup Server Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump hierarchy
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_302"
->To delete a dump level from the dump hierarchy</A
->
- </DT
-></DL
-></DD
-><DT
->dump ID numbers, displaying,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump levels
- </DT
-><DD
-><DL
-><DT
->adding,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-><DT
->deleting,
- <A
-HREF="c12776.html#Header_301"
->To change a dump level's expiration date</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_302"
->To delete a dump level from the dump hierarchy</A
->
- </DT
-></DL
-></DD
-><DT
->dump records
- </DT
-><DD
-><DL
-><DT
->creating as part of dump operation,
- <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-></DL
-></DD
-><DT
->expiration dates,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-><DT
->changing,
- <A
-HREF="c12776.html#Header_300"
->To add a dump level to the dump hierarchy</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-></DL
-></DD
-><DT
->port offset numbers
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_288"
->To unconfigure a Tape Coordinator</A
->
- </DT
-></DL
-></DD
-><DT
->restoring,
- <A
-HREF="c15383.html#HDRWQ316"
->Maintaining the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Tape Coordinator
- </DT
-><DD
-><DL
-><DT
->adding entry,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DT
->removing entry,
- <A
-HREF="c12776.html#Header_287"
->To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A
->
- </DT
-></DL
-></DD
-><DT
->verifying integrity,
- <A
-HREF="c15383.html#HDRWQ318"
->Checking for and Repairing Corruption in the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume dump history
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->
- </DT
-><DT
->recovering from tapes,
- <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->
- </DT
-></DL
-></DD
-><DT
->volume entry
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c12776.html#Header_291"
->To create a volume set</A
->
- </DT
-><DT
->deleting from volume set,
- <A
-HREF="c12776.html#Header_294"
->To delete a volume set</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_292"
->To add a volume entry to a volume set</A
->
- </DT
-></DL
-></DD
-><DT
->volume set
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->
- </DT
-><DT
->deleting,
- <A
-HREF="c12776.html#HDRWQ266"
->To display volume sets and volume entries</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_292"
->To add a volume entry to a volume set</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->Backup field in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->Backup Server
- </DT
-><DD
-><DL
-><DT
->about starting and stopping,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as buserver process,
- <A
-HREF="c6449.html#HDRWQ147"
->The buserver Process: the Backup Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ25"
->The Backup Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log file,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after adding entry to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after removing entry from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runs on database server machine,
- <A
-HREF="c3025.html#HDRWQ91"
->Simple File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ147"
->The buserver Process: the Backup Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Backup System
- </DT
-><DD
-><DL
-><DT
->automating operations,
- <A
-HREF="c12776.html#HDRWQ275"
->Automating and Increasing the Efficiency of the Backup Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->automating tape mounting and unmounting,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Backup Database
- </DT
-><DD
-><DL
-><DT
->see Backup Database</DT
-></DL
-></DD
-><DT
->Backup Server described,
- <A
-HREF="c130.html#HDRWQ25"
->The Backup Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration overview,
- <A
-HREF="c12776.html#HDRWQ257"
->Overview of Backup System Configuration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data
- </DT
-><DD
-><DL
-><DT
->backing up/dumping,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DT
->recovering,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DT
->restoring,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-></DL
-></DD
-><DT
->dump
- </DT
-><DD
-><DL
-><DT
->see dump</DT
-></DL
-></DD
-><DT
->dump hierarchy
- </DT
-><DD
-><DL
-><DT
->see dump hierarchy</DT
-></DL
-></DD
-><DT
->dump history
- </DT
-><DD
-><DL
-><DT
->recovering from tapes,
- <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->
- </DT
-></DL
-></DD
-><DT
->dump ID number
- </DT
-><DD
-><DL
-><DT
->see dump</DT
-><DT
->assigning as part of dump operation,
- <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->
- </DT
-></DL
-></DD
-><DT
->dump level
- </DT
-><DD
-><DL
-><DT
->see dump hierarchy</DT
-></DL
-></DD
-><DT
->dump name
- </DT
-><DD
-><DL
-><DT
->see dump</DT
-></DL
-></DD
-><DT
->dump operation, overview,
- <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump records
- </DT
-><DD
-><DL
-><DT
->deleting,
- <A
-HREF="c15383.html#HDRWQ320"
->To repair corruption in the Backup Database</A
->
- </DT
-></DL
-></DD
-><DT
->dump set
- </DT
-><DD
-><DL
-><DT
->see dump set</DT
-></DL
-></DD
-><DT
->dumps, full and incremental defined,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->eliminating check for proper tape name,
- <A
-HREF="c12776.html#HDRWQ279"
->Enabling Default Responses to Error Conditions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->eliminating search/prompt for initial tape,
- <A
-HREF="c12776.html#Header_313"
->The Available Parameters and Required Exit Codes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->filemarks
- </DT
-><DD
-><DL
-><DT
->see Tape Coordinator</DT
-></DL
-></DD
-><DT
->interactive mode,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DD
-><DL
-><DT
->canceling operations,
- <A
-HREF="c15383.html#HDRWQ289"
->To display pending or running jobs in interactive mode</A
->
- </DT
-><DT
->displaying pending/running operations,
- <A
-HREF="c15383.html#Header_326"
->To exit interactive mode</A
->
- </DT
-></DL
-></DD
-><DT
->interfaces,
- <A
-HREF="c15383.html#HDRWQ286"
->Using the Backup System's Interfaces</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->introduction,
- <A
-HREF="c12776.html#HDRWQ251"
->Introduction to Backup System Features</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->job ID numbers
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c15383.html#Header_326"
->To exit interactive mode</A
->
- </DT
-></DL
-></DD
-><DT
->port offsets
- </DT
-><DD
-><DL
-><DT
->see Tape Coordinator</DT
-></DL
-></DD
-><DT
->recycling schedule for tapes,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reducing operator intervention,
- <A
-HREF="c12776.html#HDRWQ275"
->Automating and Increasing the Efficiency of the Backup Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->regular expressions,
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restores
- </DT
-><DD
-><DL
-><DT
->date-specific,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DT
->full,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-></DL
-></DD
-><DT
->restoring
- </DT
-><DD
-><DL
-><DT
->backed up data,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DT
->backup data,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-><DT
->data,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-></DL
-></DD
-><DT
->running in foreign cell,
- <A
-HREF="c15383.html#HDRWQ287"
->Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scanning tapes,
- <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->suggestions for improving efficiency,
- <A
-HREF="c15383.html#HDRWQ297"
->Making Backup Operations More Efficient</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Tape Coordinator
- </DT
-><DD
-><DL
-><DT
->see Tape Coordinator</DT
-></DL
-></DD
-><DT
->tape name
- </DT
-><DD
-><DL
-><DT
->see tapes</DT
-></DL
-></DD
-><DT
->useCount counter on tape label,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using default responses to errors,
- <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume dump history
- </DT
-><DD
-><DL
-><DT
->recovering from tapes,
- <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->
- </DT
-></DL
-></DD
-><DT
->volume entry
- </DT
-><DD
-><DL
-><DT
->see volume entry</DT
-></DL
-></DD
-><DT
->volume set
- </DT
-><DD
-><DL
-><DT
->see volume set</DT
-></DL
-></DD
-></DL
-></DD
-><DT
->backup volume
- </DT
-><DD
-><DL
-><DT
->automating creation of,
- <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing name of,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating multiple at once,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ178"
->The Three Types of Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dumping,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ID number in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mounting,
- <A
-HREF="c8420.html#HDRWQ203"
->Automating Creation of Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->moving,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removed by read/write move,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removed by read/write removal,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->space-saving nature of,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->suggested schedule for creation of,
- <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->BackupLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->BAK version of binary file
- </DT
-><DD
-><DL
-><DT
->created by bos install command,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing obsolete,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->used by bos uninstall command,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->banner line on the scout program screen,
- <A
-HREF="c18360.html#HDRWQ330"
->The Banner Line</A
->
- </DT
-><DT
->basenames in scout program,
- <A
-HREF="c18360.html#HDRWQ328"
->Using the -basename argument to Specify a Domain Name</A
->
- </DT
-><DT
->bdb.DB0 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->bdb.DBSYS1 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->binary distribution machine
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c3025.html#HDRWQ92"
->Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identifying with bos status,
- <A
-HREF="c3025.html#HDRWQ96"
->To locate the system control machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->block special device
- </DT
-><DD
-><DL
-><DT
->creating with package,
- <A
-HREF="c23832.html#HDRWQ433"
->Defining a Symbolic Link</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->bos commands
- </DT
-><DD
-><DL
-><DT
->addhost,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->addkey
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c20494.html#HDRWQ363"
->To add a new server encryption key</A
->
- </DT
-><DT
->when handling key emergency,
- <A
-HREF="c20494.html#Header_430"
->To create a new server encryption key in emergencies</A
->
- </DT
-></DL
-></DD
-><DT
->adduser,
- <A
-HREF="c32432.html#HDRWQ594"
->To add users to the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->create,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->delete,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->exec,
- <A
-HREF="c3025.html#HDRWQ140"
->To reboot a file server machine from its console</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getdate,
- <A
-HREF="c3025.html#HDRWQ115"
->Displaying Binary Version Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getlog,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getrestart,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting privilege for,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->install,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listhosts,
- <A
-HREF="c3025.html#HDRWQ119"
->Distributing the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listkeys,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listusers,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mutual authentication, bypassing,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->prune,
- <A
-HREF="c3025.html#HDRWQ116"
->Removing Obsolete Binary Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removehost,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removekey,
- <A
-HREF="c20494.html#HDRWQ369"
->To remove a key from the KeyFile file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removeuser,
- <A
-HREF="c32432.html#Header_665"
->To remove users from the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restart
- </DT
-><DD
-><DL
-><DT
->excluding BOS Server,
- <A
-HREF="c6449.html#Header_193"
->To stop and restart all processes including the BOS Server</A
->
- </DT
-><DT
->including BOS Server,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DT
->selected processes,
- <A
-HREF="c6449.html#Header_194"
->To stop and immediately restart all processes except the BOS Server</A
->
- </DT
-><DT
->with -bosserver flag,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-></DL
-></DD
-><DT
->salvage,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setauth,
- <A
-HREF="c3025.html#HDRWQ125"
->Controlling Authorization Checking on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setrestart,
- <A
-HREF="c6449.html#Header_197"
->To display the BOS Server restart times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shutdown,
- <A
-HREF="c6449.html#HDRWQ167"
->Stopping and Starting Processes Temporarily</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->start,
- <A
-HREF="c6449.html#HDRWQ166"
->To start processes by changing their status flags to Run</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->startup,
- <A
-HREF="c6449.html#HDRWQ168"
->To stop processes temporarily</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->status,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->stop,
- <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to NotRun</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->summary of functions,
- <A
-HREF="c6449.html#HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uninstall,
- <A
-HREF="c3025.html#HDRWQ113"
->Reverting to the Previous Version of Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->BOS Server
- </DT
-><DD
-><DL
-><DT
->as bosserver process,
- <A
-HREF="c6449.html#HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ19"
->The Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log file,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->maintainer of server process binaries,
- <A
-HREF="c3025.html#HDRWQ109"
->To restore an administrative database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->memory state,
- <A
-HREF="c6449.html#HDRWQ155"
->How the BOS Server Uses the Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring server processes,
- <A
-HREF="c6449.html"
->Monitoring and Controlling Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restart times, displaying and setting,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->role in reboot of server machine,
- <A
-HREF="c3025.html#Header_160"
->To change a server machine's IP addresses</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of BosConfig file,
- <A
-HREF="c6449.html#HDRWQ155"
->How the BOS Server Uses the Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->BosConfig file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-><DT
->changing status flag from NotRun to Run,
- <A
-HREF="c6449.html#HDRWQ166"
->To start processes by changing their status flags to Run</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing status flag from Run to NotRun,
- <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to NotRun</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating server process entry,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying entries,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->information,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing server process entry,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restart times defined,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->BosLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->bosserver
- </DT
-><DD
-><DL
-><DT
->see BOS Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->bulk mode in uss,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DT
->buserver
- </DT
-><DD
-><DL
-><DT
->see Backup Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->butc command,
- <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN37877"
->C</A
-></H2
-><DL
-><DT
->C instruction
- </DT
-><DD
-><DL
-><DT
->package configuration file,
- <A
-HREF="c23832.html#HDRWQ434"
->Defining a Block Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->cache files (client),
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DT
->Cache Manager
- </DT
-><DD
-><DL
-><DT
->afsd initialization program,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as interpreter of mount points,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (client), using,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->collecting data with xstat data collection facility,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuring and customizing,
- <A
-HREF="c21473.html#HDRWQ390"
->Overview of Cache Manager Customization</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data cache
- </DT
-><DD
-><DL
-><DT
->displaying size set at reboot,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-></DL
-></DD
-><DT
->data cache size
- </DT
-><DD
-><DL
-><DT
->displaying current,
- <A
-HREF="c21473.html#HDRWQ396"
->To display the cache size set at reboot</A
->
- </DT
-><DT
->resetting to default value (for disk cache only),
- <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache size without rebooting</A
->
- </DT
-><DT
->setting in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ397"
->To display the current cache size</A
->
- </DT
-><DT
->setting until next reboot,
- <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo file</A
->
- </DT
-></DL
-></DD
-><DT
->database server processes, contacting,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->described,
- <A
-HREF="c21473.html#HDRWQ390"
->Overview of Cache Manager Customization</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->cache size from cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-></DL
-></DD
-><DT
->enabling asynchrony for write operations,
- <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing cache,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->functions of,
- <A
-HREF="c130.html#HDRWQ28"
->The Cache Manager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->interfaces registered with File Server,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->messages displayed, controlling,
- <A
-HREF="c21473.html#HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring performance,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->preference ranks for File Server and VL Server,
- <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting
- </DT
-><DD
-><DL
-><DT
->cache size in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->disk cache location,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->home cell,
- <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
->
- </DT
-><DT
->probe interval for File Server,
- <A
-HREF="c21473.html#HDRWQ410"
->Setting the File Server Probe Interval</A
->
- </DT
-></DL
-></DD
-><DT
->setuid programs,
- <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system type name stored in kernel memory,
- <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of NetInfo file,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of NetRestrict file,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat data collection facility libraries,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat data collections,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat example commands,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_cm_test example command,
- <A
-HREF="c18360.html#Header_403"
->To use the example xstat_fs_test command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying contents,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->format,
- <A
-HREF="c21473.html#HDRWQ397"
->To display the current cache size</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->resetting disk cache to size specified,
- <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache size without rebooting</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting
- </DT
-><DD
-><DL
-><DT
->cache size,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->disk cache location,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->CacheItems file,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DT
->caching,
- <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->
- </DT
-><DT
->callback,
- <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->
- </DT
-><DT
->cell,
- <A
-HREF="c130.html#HDRWQ11"
->Cells</A
->
- </DT
-><DD
-><DL
-><DT
->changing list in client kernel memory,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->filespace configuration issues,
- <A
-HREF="c667.html#HDRWQ40"
->Granting and Denying Foreign Users Access to Your Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->foreign,
- <A
-HREF="c130.html#HDRWQ11"
->Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting local access to foreign users,
- <A
-HREF="c667.html#HDRWQ39"
->Making Other Cells Visible in Your Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->local,
- <A
-HREF="c130.html#HDRWQ11"
->Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->making foreign visible to local,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->making local visible to foreign,
- <A
-HREF="c667.html#HDRWQ37"
->What the Global Namespace Looks Like</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->name
- </DT
-><DD
-><DL
-><DT
->at second level in file tree,
- <A
-HREF="c667.html#HDRWQ36"
->Participating in the AFS Global Namespace</A
->,
- <A
-HREF="c667.html#Header_51"
->The Top /afs Level</A
->
- </DT
-><DT
->choosing,
- <A
-HREF="c667.html#Header_41"
->Setuid Programs</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
->
- </DT
-></DL
-></DD
-><DT
->setting home cell for client machine,
- <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->CellServDB file (client)
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->central update source for clients,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copied into kernel memory,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->correct format,
- <A
-HREF="c21473.html#HDRWQ407"
->The Format of the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->global source from AFS Support,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->maintaining,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->updating with or without package,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->CellServDB file (server)
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->adding database server machine,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c3025.html#HDRWQ119"
->Distributing the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->effect of wrong information in,
- <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->importance to Ubik operation,
- <A
-HREF="c3025.html#HDRWQ102"
->Replicating the AFS Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->maintaining,
- <A
-HREF="c3025.html#Header_138"
->To display an AFS binary's build level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing database server machine,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->CellServDB file maintained by AFS Product Support
- </DT
-><DD
-><DL
-><DT
->as global update source,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->CellServDB.local file,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DT
->cellular mount point
- </DT
-><DD
-><DL
-><DT
->see mount point</DT
-></DL
-></DD
-><DT
->CFG_device_name file,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DT
->changing
- </DT
-><DD
-><DL
-><DT
->ACL entries,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data cache size specified in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data cache size temporarily,
- <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk cache location, in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk cache size to default value,
- <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache size without rebooting</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group ownership to self-owned,
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-creation quota,
- <A
-HREF="c29323.html#HDRWQ557"
->To change the name of a machine or group entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount point when renaming user,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->name,
- <A
-HREF="c29323.html#HDRWQ555"
->To change a group's owner</A
->
- </DT
-><DT
->owner,
- <A
-HREF="c29323.html#HDRWQ553"
->To delete Protection Database entries</A
->
- </DT
-></DL
-></DD
-><DT
->username,
- <A
-HREF="c27596.html#HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume name,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume name when renaming user,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->character special device
- </DT
-><DD
-><DL
-><DT
->creating with package,
- <A
-HREF="c23832.html#HDRWQ434"
->Defining a Block Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->checksum,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DT
->chgrp command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->chmod command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->choosing
- </DT
-><DD
-><DL
-><DT
->name
- </DT
-><DD
-><DL
-><DT
->cell,
- <A
-HREF="c667.html#Header_41"
->Setuid Programs</A
->
- </DT
-><DT
->user,
- <A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
->
- </DT
-><DT
->user volume,
- <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
->
- </DT
-><DT
->user volume mount point,
- <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->chown command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->clearing
- </DT
-><DD
-><DL
-><DT
->all ACL entries,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->contents of trace log (fstrace),
- <A
-HREF="c18360.html#Header_387"
->To dump the contents of a trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->client
- </DT
-><DD
-><DL
-><DT
->configuring local disk with package,
- <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->machine
- </DT
-><DD
-><DL
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-></DL
-></DD
-><DT
->modifying to run package,
- <A
-HREF="c23832.html#HDRWQ447"
->Modifying Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->client machine
- </DT
-><DD
-><DL
-><DT
->/usr/vice/etc directory,
- <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cache files,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file, displaying,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing CellServDB file,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing list of cells in kernel memory,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration files,
- <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration issues,
- <A
-HREF="c667.html#Header_63"
->Monitoring, Rebooting and Automatic Process Restarts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->controlling running of setuid programs,
- <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data cache size
- </DT
-><DD
-><DL
-><DT
->displaying current,
- <A
-HREF="c21473.html#HDRWQ396"
->To display the cache size set at reboot</A
->
- </DT
-><DT
->setting in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ397"
->To display the current cache size</A
->
- </DT
-><DT
->setting until next reboot,
- <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo file</A
->
- </DT
-></DL
-></DD
-><DT
->data cache size set at reboot
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-></DL
-></DD
-><DT
->database server machines, displaying knowledge of,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database server processes, contacting,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk cache size
- </DT
-><DD
-><DL
-><DT
->resetting to default value,
- <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache size without rebooting</A
->
- </DT
-></DL
-></DD
-><DT
->disk versus memory cache,
- <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->data cache size from cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-></DL
-></DD
-><DT
->enabling access to foreign cell,
- <A
-HREF="c667.html#Header_66"
->Enabling Access to Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->files required on local disk,
- <A
-HREF="c667.html#HDRWQ54"
->Configuring Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing data cache,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->making foreign cell visible,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->messages displayed, controlling,
- <A
-HREF="c21473.html#HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring performance,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting
- </DT
-><DD
-><DL
-><DT
->data cache size in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->disk cache location,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->home cell,
- <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
->
- </DT
-></DL
-></DD
-><DT
->setting home cell,
- <A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system type name stored in Cache Manager memory,
- <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->client machines statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DT
->clocks
- </DT
-><DD
-><DL
-><DT
->need to synchronize for Ubik,
- <A
-HREF="c3025.html#HDRWQ103"
->Configuring the Cell for Proper Ubik Operation</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->clone,
- <A
-HREF="c130.html#HDRWQ15"
->Replication</A
->,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-><DT
->forcing creation of new,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->cloning
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for backup,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for replication,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->close system call
- </DT
-><DD
-><DL
-><DT
->for files saved on AFS client,
- <A
-HREF="c667.html#HDRWQ32"
->Creating Hard Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for files saved on NFS client,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->cm event set (fstrace),
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DT
->cmfx trace log (fstrace),
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DT
->collecting
- </DT
-><DD
-><DL
-><DT
->data with xstat data collection facility,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->command interpreters
- </DT
-><DD
-><DL
-><DT
->CellServDB file (client), using,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->command parameters
- </DT
-><DD
-><DL
-><DT
->in BosConfig file,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->command suite
- </DT
-><DD
-><DL
-><DT
->binaries
- </DT
-><DD
-><DL
-><DT
->displaying time stamp,
- <A
-HREF="c3025.html#Header_132"
->To revert to the previous version of binaries</A
->
- </DT
-><DT
->installing,
- <A
-HREF="c3025.html#HDRWQ110"
->Installing Server Process Software</A
->
- </DT
-><DT
->removing obsolete,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DT
->uninstalling,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->commands
- </DT
-><DD
-><DL
-><DT
->afsd,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->afsmonitor,
- <A
-HREF="c18360.html#HDRWQ352"
->Writing afsmonitor Statistics to a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup
- </DT
-><DD
-><DL
-><DT
->to enter interactive mode,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-></DL
-></DD
-><DT
->backup adddump,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup addhost,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup addvolentry,
- <A
-HREF="c12776.html#Header_291"
->To create a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup addvolset,
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup dbverify,
- <A
-HREF="c15383.html#HDRWQ318"
->Checking for and Repairing Corruption in the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup deldump,
- <A
-HREF="c12776.html#Header_301"
->To change a dump level's expiration date</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup deletedump,
- <A
-HREF="c15383.html#HDRWQ321"
->Removing Obsolete Records from the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup delhost,
- <A
-HREF="c12776.html#Header_287"
->To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup delvolentry,
- <A
-HREF="c12776.html#Header_294"
->To delete a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup delvolset,
- <A
-HREF="c12776.html#HDRWQ266"
->To display volume sets and volume entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup diskrestore,
- <A
-HREF="c15383.html#HDRWQ310"
->Using the backup diskrestore Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup dump,
- <A
-HREF="c15383.html#HDRWQ301"
->To create a dump</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup dumpinfo,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup interactive,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup jobs,
- <A
-HREF="c15383.html#Header_326"
->To exit interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup kill,
- <A
-HREF="c15383.html#HDRWQ289"
->To display pending or running jobs in interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup labeltape,
- <A
-HREF="c12776.html#Header_306"
->Recording a Capacity on the Label</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup listdumps,
- <A
-HREF="c12776.html#Header_302"
->To delete a dump level from the dump hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup listhosts,
- <A
-HREF="c12776.html#Header_288"
->To unconfigure a Tape Coordinator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup listvolsets,
- <A
-HREF="c12776.html#Header_292"
->To add a volume entry to a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup quit,
- <A
-HREF="c15383.html#Header_325"
->To enter interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup readlabel,
- <A
-HREF="c12776.html#HDRWQ273"
->To label a tape</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup restoredb,
- <A
-HREF="c15383.html#HDRWQ320"
->To repair corruption in the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup savedb,
- <A
-HREF="c15383.html#HDRWQ319"
->To verify the integrity of the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup scantape,
- <A
-HREF="c15383.html#HDRWQ305"
->To scan the contents of a tape</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup setexp,
- <A
-HREF="c12776.html#Header_300"
->To add a dump level to the dump hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup status,
- <A
-HREF="c15383.html#Header_331"
->To stop a Tape Coordinator process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup volinfo,
- <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup volrestore,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup volsetrestore,
- <A
-HREF="c15383.html#HDRWQ314"
->Restoring Volumes Listed in a File with the -file Argument</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos addhost,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos addkey,
- <A
-HREF="c20494.html#HDRWQ363"
->To add a new server encryption key</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos adduser,
- <A
-HREF="c32432.html#HDRWQ594"
->To add users to the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos create,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos delete,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos exec,
- <A
-HREF="c3025.html#HDRWQ140"
->To reboot a file server machine from its console</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos getdate,
- <A
-HREF="c3025.html#HDRWQ115"
->Displaying Binary Version Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos getlog,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos getrestart,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos install,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->,
- <A
-HREF="c3025.html#HDRWQ113"
->Reverting to the Previous Version of Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos listhosts,
- <A
-HREF="c3025.html#HDRWQ119"
->Distributing the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos listkeys,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos listusers,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos prune,
- <A
-HREF="c3025.html#HDRWQ116"
->Removing Obsolete Binary Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos removehost,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos removekey,
- <A
-HREF="c20494.html#HDRWQ369"
->To remove a key from the KeyFile file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos removeuser,
- <A
-HREF="c32432.html#Header_665"
->To remove users from the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos restart
- </DT
-><DD
-><DL
-><DT
->excluding BOS Server,
- <A
-HREF="c6449.html#Header_193"
->To stop and restart all processes including the BOS Server</A
->
- </DT
-><DT
->including BOS Server,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DT
->selected processes,
- <A
-HREF="c6449.html#Header_194"
->To stop and immediately restart all processes except the BOS Server</A
->
- </DT
-></DL
-></DD
-><DT
->bos salvage,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos setauth,
- <A
-HREF="c3025.html#HDRWQ125"
->Controlling Authorization Checking on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos setrestart,
- <A
-HREF="c6449.html#Header_197"
->To display the BOS Server restart times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos shutdown,
- <A
-HREF="c6449.html#HDRWQ167"
->Stopping and Starting Processes Temporarily</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos start,
- <A
-HREF="c6449.html#HDRWQ166"
->To start processes by changing their status flags to Run</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos startup,
- <A
-HREF="c6449.html#HDRWQ168"
->To stop processes temporarily</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos status,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos stop,
- <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to NotRun</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->butc,
- <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chgrp (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chmod (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chown (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->executing from uss template file,
- <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fms,
- <A
-HREF="c12776.html#HDRWQ259"
->To run the fms command on a noncompressing tape device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs checkservers,
- <A
-HREF="c21473.html#Header_461"
->To set a client's file server probe interval</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs checkvolumes,
- <A
-HREF="c21473.html#Header_467"
->To flush all data from a volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs cleanacl,
- <A
-HREF="c31274.html#HDRWQ579"
->Removing Obsolete AFS IDs from ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs copyacl,
- <A
-HREF="c31274.html#HDRWQ577"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs examine,
- <A
-HREF="c8420.html#HDRWQ224"
->To display the name of the volume that contains a file</A
->,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs exportafs,
- <A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs flush,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs flushmount,
- <A
-HREF="c21473.html#Header_468"
->To force the Cache Manager to notice other volume changes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs flushvolume,
- <A
-HREF="c21473.html#Header_466"
->To flush certain files or directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs getcacheparms,
- <A
-HREF="c21473.html#HDRWQ396"
->To display the cache size set at reboot</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs getcellstatus,
- <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs getclientaddrs,
- <A
-HREF="c21473.html#Header_478"
->To create or edit the client NetRestrict file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs getserverprefs,
- <A
-HREF="c21473.html#Header_473"
->Displaying and Setting Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs listacl,
- <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs listcells,
- <A
-HREF="c21473.html#Header_454"
->To display the /usr/vice/etc/CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs listquota,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->,
- <A
-HREF="c8420.html#Header_252"
->To display percent quota used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs lsmount,
- <A
-HREF="c8420.html#HDRWQ211"
->To display a mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs messages,
- <A
-HREF="c21473.html#HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs mkmount,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DD
-><DL
-><DT
->general instructions,
- <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->
- </DT
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DT
->when creating user account,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DT
->when mounting backup volume,
- <A
-HREF="c8420.html#HDRWQ205"
->To create and mount a backup volume</A
->
- </DT
-><DT
->when renaming volume,
- <A
-HREF="c8420.html#HDRWQ246"
->To rename a volume</A
->
- </DT
-><DT
->when restoring volume,
- <A
-HREF="c8420.html#HDRWQ242"
->To restore a dump into a new volume and mount it</A
->
- </DT
-></DL
-></DD
-><DT
->fs newcell,
- <A
-HREF="c21473.html#Header_456"
->To change the list of a cell's database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs quota,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs rmmount,
- <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->,
- <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->,
- <A
-HREF="c8420.html#HDRWQ246"
->To rename a volume</A
->,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setacl,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-><DT
->with -clear flag,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DT
->with -negative flag,
- <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->
- </DT
-></DL
-></DD
-><DT
->fs setcachesize,
- <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setcell,
- <A
-HREF="c21473.html#Header_458"
->To determine a cell's setuid status</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setclientaddrs,
- <A
-HREF="c21473.html#Header_479"
->To display the list of addresses from kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setquota,
- <A
-HREF="c8420.html#Header_250"
->To set quota for a single volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setserverprefs,
- <A
-HREF="c21473.html#Header_474"
->To display server preference ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setvol,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs storebehind
- </DT
-><DD
-><DL
-><DT
->displaying asynchrony for specific files,
- <A
-HREF="c21473.html#Header_489"
->To display the default store asynchrony</A
->
- </DT
-><DT
->displaying default asynchrony,
- <A
-HREF="c21473.html#Header_488"
->To set the store asynchrony for one or more files</A
->
- </DT
-><DT
->setting asynchrony for specific files,
- <A
-HREF="c21473.html#Header_487"
->To set the default store asynchrony</A
->
- </DT
-><DT
->setting default asynchrony,
- <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->
- </DT
-></DL
-></DD
-><DT
->fs sysname,
- <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs whereis,
- <A
-HREF="c8420.html#HDRWQ225"
->To display the ID number of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fsck (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fsck (AFS version),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fstrace clear,
- <A
-HREF="c18360.html#Header_387"
->To dump the contents of a trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fstrace dump,
- <A
-HREF="c18360.html#HDRWQ347"
->Dumping and Clearing the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fstrace lslog,
- <A
-HREF="c18360.html#Header_384"
->To display the state of an event set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fstrace lsset,
- <A
-HREF="c18360.html#HDRWQ346"
->Displaying the State of a Trace Log or Event Set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fstrace setlog,
- <A
-HREF="c18360.html#HDRWQ344"
->Activating the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fstrace setset,
- <A
-HREF="c18360.html#Header_381"
->To configure the trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ftp (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ftpd (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->inetd (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kas create,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DD
-><DL
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->kas delete,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DD
-><DL
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->kas examine,
- <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->
- </DT
-><DD
-><DL
-><DT
->to display ADMIN flag,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-></DL
-></DD
-><DT
->kas interactive,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kas setfields,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-><DT
->limiting failed authentication attempts,
- <A
-HREF="c27596.html#HDRWQ515"
->Improving Password and Authentication Security</A
->
- </DT
-><DT
->prohibiting password reuse,
- <A
-HREF="c27596.html#Header_587"
->To set password lifetime</A
->
- </DT
-><DT
->setting ADMIN flag,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DT
->setting password lifetime,
- <A
-HREF="c27596.html#Header_586"
->To unlock a locked user account</A
->
- </DT
-></DL
-></DD
-><DT
->kas setpassword,
- <A
-HREF="c667.html#Header_83"
->Changing Passwords</A
->,
- <A
-HREF="c20494.html#HDRWQ363"
->To add a new server encryption key</A
->,
- <A
-HREF="c27596.html#HDRWQ516"
->Changing AFS Passwords</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kas unlock,
- <A
-HREF="c27596.html#Header_586"
->To unlock a locked user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->klog,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->klog with -setpag flag,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->klog.krb,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->knfs,
- <A
-HREF="a33047.html#HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kpasswd,
- <A
-HREF="c667.html#Header_83"
->Changing Passwords</A
->,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ln (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount,
- <A
-HREF="a33047.html#Header_682"
->To configure an NFS client machine to access AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->package,
- <A
-HREF="c23832.html#Header_533"
->To invoke the package program by rebooting</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pagsh,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pagsh.krb,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privileged, defined,
- <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts adduser,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-><DT
->for system:administrators group,
- <A
-HREF="c32432.html#Header_657"
->To add users to the system:administrators group</A
->
- </DT
-></DL
-></DD
-><DT
->pts chown,
- <A
-HREF="c29323.html#HDRWQ554"
->Changing a Group's Owner</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts creategroup,
- <A
-HREF="c29323.html#HDRWQ545"
->Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts createuser
- </DT
-><DD
-><DL
-><DT
->machine entry,
- <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
->
- </DT
-><DT
->user account,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-></DL
-></DD
-><DT
->pts delete,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts examine,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts listentries,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts listmax,
- <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts listowned,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts membership,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-><DT
->displaying system:administrators group,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-></DL
-></DD
-><DT
->pts removeuser,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-><DT
->for system:administrators group,
- <A
-HREF="c32432.html#HDRWQ588"
->To remove users from the system:administrators group</A
->
- </DT
-></DL
-></DD
-><DT
->pts rename
- </DT
-><DD
-><DL
-><DT
->machine or group name,
- <A
-HREF="c29323.html#HDRWQ556"
->Changing a Protection Database Entry's Name</A
->
- </DT
-><DT
->username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->pts setfields
- </DT
-><DD
-><DL
-><DT
->setting group creation quota,
- <A
-HREF="c29323.html#HDRWQ558"
->Setting Group-Creation Quota</A
->
- </DT
-><DT
->setting privacy flags,
- <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
->
- </DT
-></DL
-></DD
-><DT
->pts setmax,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rcp (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rlogind (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rsh (AFS compared to UNIX),
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scout,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->share,
- <A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->strings,
- <A
-HREF="c3025.html#HDRWQ117"
->Displaying A Binary File's Build Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->sys,
- <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tokens,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tokens.krb,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->udebug,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->umount,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->unlog,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss add,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss bulk,
- <A
-HREF="c24913.html#Header_571"
->To create and delete multiple AFS user accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss delete,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos addsite,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos backup,
- <A
-HREF="c8420.html#HDRWQ205"
->To create and mount a backup volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos backupsys,
- <A
-HREF="c8420.html#HDRWQ205"
->To create and mount a backup volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos changeaddr,
- <A
-HREF="c3025.html#Header_158"
->To display all server entries from the VLDB</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos create
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DT
->when creating user account,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-></DL
-></DD
-><DT
->vos delentry,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos dump,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos examine
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-></DL
-></DD
-><DT
->vos listaddrs,
- <A
-HREF="c3025.html#Header_157"
->To create or edit the server NetRestrict file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos listpart,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos listvldb
- </DT
-><DD
-><DL
-><DT
->syntax,
- <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->
- </DT
-></DL
-></DD
-><DT
->vos listvol
- </DT
-><DD
-><DL
-><DT
->syntax,
- <A
-HREF="c8420.html#HDRWQ219"
->Displaying Volume Headers</A
->
- </DT
-></DL
-></DD
-><DT
->vos lock,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos move
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-></DL
-></DD
-><DT
->vos partinfo,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos release
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-></DL
-></DD
-><DT
->vos remove,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->
- </DT
-></DL
-></DD
-><DT
->vos remsite,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos rename
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->vos restore,
- <A
-HREF="c8420.html#Header_261"
->About Restoring Volumes</A
->,
- <A
-HREF="c8420.html#HDRWQ242"
->To restore a dump into a new volume and mount it</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos syncserv,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos syncvldb,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos unlock,
- <A
-HREF="c8420.html#Header_267"
->To lock a VLDB entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos unlockvldb,
- <A
-HREF="c8420.html#Header_268"
->To unlock a single VLDB entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos zap,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->which,
- <A
-HREF="c3025.html#HDRWQ117"
->Displaying A Binary File's Build Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_cm_test,
- <A
-HREF="c18360.html#Header_403"
->To use the example xstat_fs_test command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_fs_test,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->common configuration files (server),
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DT
->compilation
- </DT
-><DD
-><DL
-><DT
->date of, listing on binary file,
- <A
-HREF="c3025.html#Header_132"
->To revert to the previous version of binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->compiling
- </DT
-><DD
-><DL
-><DT
->package prototype file,
- <A
-HREF="c23832.html#HDRWQ446"
->Compiling Prototype Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->configuration file
- </DT
-><DD
-><DL
-><DT
->see CFG_&lt;device_name&gt; configuration file</DT
-><DT
->instructions for package program,
- <A
-HREF="c23832.html#HDRWQ429"
->Package Configuration File Instruction Syntax</A
->
- </DT
-></DL
-></DD
-><DT
->configuration files
- </DT
-><DD
-><DL
-><DT
->client machine,
- <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->package program,
- <A
-HREF="c23832.html#HDRWQ424"
->Compiling Prototype Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server machine, common,
- <A
-HREF="c3025.html#HDRWQ93"
->Binary Distribution Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->configuring
- </DT
-><DD
-><DL
-><DT
->afsmonitor program,
- <A
-HREF="c18360.html#HDRWQ351"
->Configuring the afsmonitor Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Cache Manager,
- <A
-HREF="c21473.html#HDRWQ390"
->Overview of Cache Manager Customization</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client machine, issues,
- <A
-HREF="c667.html#Header_63"
->Monitoring, Rebooting and Automatic Process Restarts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file server machine, issues,
- <A
-HREF="c667.html#Header_58"
->The Default Quota and ACL on a New Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->filespace, issues,
- <A
-HREF="c667.html#HDRWQ40"
->Granting and Denying Foreign Users Access to Your Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->local disk of client with package,
- <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->trace log (fstrace),
- <A
-HREF="c18360.html#HDRWQ344"
->Activating the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Conn statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DT
->consistency guarantees
- </DT
-><DD
-><DL
-><DT
->administrative databases,
- <A
-HREF="c3025.html#HDRWQ104"
->How Ubik Operates Automatically</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cached data,
- <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->constants
- </DT
-><DD
-><DL
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ464"
->Creating the Three Types of User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->contacting processes
- </DT
-><DD
-><DL
-><DT
->Authentication Server,
- <A
-HREF="c6449.html#HDRWQ149"
->The kaserver Process: the Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Backup Server,
- <A
-HREF="c6449.html#HDRWQ147"
->The buserver Process: the Backup Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BOS Server,
- <A
-HREF="c6449.html#HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->File Server,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NTPD,
- <A
-HREF="c6449.html#HDRWQ151"
->The runntp Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Server,
- <A
-HREF="c6449.html#HDRWQ150"
->The ptserver Process: the Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Salvager,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Update Server,
- <A
-HREF="c6449.html#HDRWQ152"
->The upserver and upclient Processes: the Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VL Server,
- <A
-HREF="c6449.html#HDRWQ153"
->The vlserver Process: the Volume Location Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Volume Server,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->controlling
- </DT
-><DD
-><DL
-><DT
->authorization checking for entire cell,
- <A
-HREF="c3025.html#HDRWQ124"
->Authentication versus Authorization</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server machine interfaces registered in VLDB,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->conventions
- </DT
-><DD
-><DL
-><DT
->AFS pathnames,
- <A
-HREF="c667.html#HDRWQ36"
->Participating in the AFS Global Namespace</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cell name,
- <A
-HREF="c667.html#Header_41"
->Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume names,
- <A
-HREF="c667.html#HDRWQ43"
->The Third Level</A
->,
- <A
-HREF="c8420.html#HDRWQ184"
->About Volume Names</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->converting
- </DT
-><DD
-><DL
-><DT
->existing UNIX accounts to AFS accounts
- </DT
-><DD
-><DL
-><DT
->with manual account creation,
- <A
-HREF="c27596.html#HDRWQ497"
->Specifying Passwords in the Local Password File</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password File</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->coordinator (Ubik)
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->election procedure described,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->copying
- </DT
-><DD
-><DL
-><DT
->ACL between directories,
- <A
-HREF="c31274.html#HDRWQ577"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->core files
- </DT
-><DD
-><DL
-><DT
->for server processes,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from /usr/afs/logs directory,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->core leak
- </DT
-><DD
-><DL
-><DT
->preventing with scheduled restarts,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->correspondence
- </DT
-><DD
-><DL
-><DT
->of volumes and directories,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->corruption
- </DT
-><DD
-><DL
-><DT
->symptoms and types,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->counter
- </DT
-><DD
-><DL
-><DT
->Protection Database (max user id, max group id),
- <A
-HREF="c29323.html#Header_624"
->To set a Protection Database entry's privacy flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->CPS,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DT
->creating
- </DT
-><DD
-><DL
-><DT
->ACL as copy of another,
- <A
-HREF="c31274.html#HDRWQ577"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL entry,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL entry in negative permissions section,
- <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Authentication Database entry
- </DT
-><DD
-><DL
-><DT
->with kas create command,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->backup volume,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cellular mount point,
- <A
-HREF="c8420.html#HDRWQ213"
->To create a cellular mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->common local password file with uss,
- <A
-HREF="c24913.html#HDRWQ457"
->Specifying Passwords in the Local Password File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file with uss,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->,
- <A
-HREF="c24913.html#HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group, self-owned,
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->link (hard or symbolic) with uss,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount point when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount point with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->multiple backup volumes at once,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetInfo file (client version),
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetInfo file (server version),
- <A
-HREF="c3025.html#HDRWQ138"
->Managing Server IP Addresses and VLDB Server Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetRestrict file (client version),
- <A
-HREF="c21473.html#Header_477"
->To create or edit the client NetInfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetRestrict file (server version),
- <A
-HREF="c3025.html#Header_156"
->To create or edit the server NetInfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->PAG with klog or pagsh command,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database group entry,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database machine entry,
- <A
-HREF="c29323.html#HDRWQ541"
->To display all Protection Database entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database user entry
- </DT
-><DD
-><DL
-><DT
->with pts createuser command,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->read-only volume,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read/write or regular mount point,
- <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read/write volume,
- <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->standard files in new user account,
- <A
-HREF="c667.html#Header_72"
->Making a Backup Version of User Volumes Available</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tape label (Backup System),
- <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->user account
- </DT
-><DD
-><DL
-><DT
->with individual commands,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->user account types with uss,
- <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->user accounts in bulk with uss,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume with uss,
- <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->creation date
- </DT
-><DD
-><DL
-><DT
->recorded in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->creator
- </DT
-><DD
-><DL
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->criteria for replicating volumes,
- <A
-HREF="c8420.html#HDRWQ193"
->Using Read-only Volumes Effectively</A
->
- </DT
-><DT
->cron process
- </DT
-><DD
-><DL
-><DT
->creating with bos create command,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->cron server process
- </DT
-><DD
-><DL
-><DT
->defining in BosConfig file,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->cron-type server process
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->used to automate volume backup,
- <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->current protection subgroup,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DT
->curses graphics utility
- </DT
-><DD
-><DL
-><DT
->afsmonitor program,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scout program requirements,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN38956"
->D</A
-></H2
-><DL
-><DT
->d ACL permission,
- <A
-HREF="c31274.html#HDRWQ568"
->The Four Directory Permissions</A
->
- </DT
-><DT
->D instruction
- </DT
-><DD
-><DL
-><DT
->package configuration file,
- <A
-HREF="c23832.html#HDRWQ430"
->Local Files versus Symbolic Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->daily restart for new binaries
- </DT
-><DD
-><DL
-><DT
->displaying and setting time,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->data
- </DT
-><DD
-><DL
-><DT
->availability interrupted by dumping,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->data cache
- </DT
-><DD
-><DL
-><DT
->changing location of disk cache,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk cache size
- </DT
-><DD
-><DL
-><DT
->resetting to default value,
- <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache size without rebooting</A
->
- </DT
-></DL
-></DD
-><DT
->disk versus memory,
- <A
-HREF="c21473.html#HDRWQ394"
->Determining the Cache Type, Size, and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying size specified in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing (forcing update),
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->size
- </DT
-><DD
-><DL
-><DT
->current, displaying,
- <A
-HREF="c21473.html#HDRWQ396"
->To display the cache size set at reboot</A
->
- </DT
-><DT
->recommendations,
- <A
-HREF="c21473.html#Header_438"
->Choosing the Cache Size</A
->
- </DT
-><DT
->set at reboot, displaying,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->setting in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->,
- <A
-HREF="c21473.html#HDRWQ397"
->To display the current cache size</A
->
- </DT
-><DT
->setting until next reboot,
- <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo file</A
->
- </DT
-></DL
-></DD
-><DT
->Vn file in,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->data collection
- </DT
-><DD
-><DL
-><DT
->with xstat data collection facility,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->database files,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DT
->database server machine
- </DT
-><DD
-><DL
-><DT
->adding
- </DT
-><DD
-><DL
-><DT
->to client CellServDB file and kernel memory,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DT
->to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-></DL
-></DD
-><DT
->CellServDB file (client), displaying,
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (server) entry
- </DT
-><DD
-><DL
-><DT
->adding,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DT
->removing,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-></DL
-></DD
-><DT
->client knowledge of,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c3025.html#HDRWQ91"
->Simple File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying list in server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ119"
->Distributing the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identifying with bos status,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->maintaining,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reason to run three,
- <A
-HREF="c667.html#HDRWQ51"
->Configuring Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing
- </DT
-><DD
-><DL
-><DT
->from client CellServDB file and kernel memory,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DT
->from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-></DL
-></DD
-><DT
->use of NetInfo and NetRestrict files,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->database server process
- </DT
-><DD
-><DL
-><DT
->about starting and stopping,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->need to run all on every database server machine,
- <A
-HREF="c3025.html#HDRWQ102"
->Replicating the AFS Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after adding entry to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after removing entry from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of CellServDB file,
- <A
-HREF="c3025.html#Header_138"
->To display an AFS binary's build level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->database, distributed
- </DT
-><DD
-><DL
-><DT
->see administrative database</DT
-></DL
-></DD
-><DT
->databases, distributed,
- <A
-HREF="c667.html#HDRWQ51"
->Configuring Server Machines</A
->
- </DT
-><DT
->date
- </DT
-><DD
-><DL
-><DT
->on binary file, listing,
- <A
-HREF="c3025.html#Header_132"
->To revert to the previous version of binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->date-specific restores,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DT
->default
- </DT
-><DD
-><DL
-><DT
->ACL,
- <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume quota,
- <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->,
- <A
-HREF="c8420.html#HDRWQ234"
->Setting and Displaying Volume Quota and Current Size</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->defining
- </DT
-><DD
-><DL
-><DT
->directory for even distribution of accounts with uss,
- <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read-only site in VLDB,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key in Authentication Database,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process in BosConfig file,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->delayed write operations
- </DT
-><DD
-><DL
-><DT
->when AFS files saved on NFS clients,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->delete ACL permission
- </DT
-><DD
-><DL
-><DT
->see d ACL permission</DT
-></DL
-></DD
-><DT
->deleting
- </DT
-><DD
-><DL
-><DT
->Authentication Database entry with uss,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database user entry with uss,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->user accounts in bulk with uss,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->user accounts with uss,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->denying
- </DT
-><DD
-><DL
-><DT
->file access with negative ACL entry,
- <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->desynchronization of VLDB/volume headers
- </DT
-><DD
-><DL
-><DT
->fixing,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->symptoms of,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->determining
- </DT
-><DD
-><DL
-><DT
->identity of binary distribution machine,
- <A
-HREF="c3025.html#HDRWQ96"
->To locate the system control machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identity of database server machines,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identity of system control machine,
- <A
-HREF="c3025.html#HDRWQ95"
->To locate database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identity of:
- </DT
-><DD
-><DL
-><DT
->simple file server machines,
- <A
-HREF="c3025.html#HDRWQ97"
->To locate the binary distribution machine for a system type</A
->
- </DT
-></DL
-></DD
-><DT
->roles taken by server machine,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->success of replication,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->differences
- </DT
-><DD
-><DL
-><DT
->between AFS and UNIX, summarized,
- <A
-HREF="c667.html"
->Issues in Cell Configuration and Administration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->directories
- </DT
-><DD
-><DL
-><DT
->/afs,
- <A
-HREF="c667.html#HDRWQ36"
->Participating in the AFS Global Namespace</A
->,
- <A
-HREF="c667.html#HDRWQ41"
->Configuring Your AFS Filespace</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/afs/cellname,
- <A
-HREF="c667.html#HDRWQ36"
->Participating in the AFS Global Namespace</A
->,
- <A
-HREF="c667.html#Header_51"
->The Top /afs Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/afs/backup,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->conventional under /afs/cellname,
- <A
-HREF="c667.html#HDRWQ42"
->The Second (Cellname) Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for grouping user home directories,
- <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->lost+found,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->directories (server)
- </DT
-><DD
-><DL
-><DT
->/usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ109"
->To restore an administrative database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->directory
- </DT
-><DD
-><DL
-><DT
->/usr/afs/bin on server machines,
- <A
-HREF="c3025.html#HDRWQ83"
->Local Disk Files on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/afs/db on server machines,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/afs/etc,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/afs/local on server machines,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/afs/logs on server machines,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/vice/cache,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/usr/vice/etc,
- <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->/vicep on server machines,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->correspondence with volume,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with package,
- <A
-HREF="c23832.html#HDRWQ430"
->Local Files versus Symbolic Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining for even distribution of accounts with uss,
- <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk cache,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing from data cache on client machine,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->overwritten by uss if exists,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->root,
- <A
-HREF="c130.html#HDRWQ14"
->Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->directory-level data protection
- </DT
-><DD
-><DL
-><DT
->implications,
- <A
-HREF="c31274.html#HDRWQ566"
->Differences Between UFS and AFS Data Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->directory/file name
- </DT
-><DD
-><DL
-><DT
->translating to volume ID number,
- <A
-HREF="c8420.html#HDRWQ224"
->To display the name of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->translating to volume location,
- <A
-HREF="c8420.html#HDRWQ225"
->To display the ID number of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->translating to volume name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->disabling
- </DT
-><DD
-><DL
-><DT
->authorization checking,
- <A
-HREF="c3025.html#HDRWQ125"
->Controlling Authorization Checking on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->discarding
- </DT
-><DD
-><DL
-><DT
->tokens,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->disk
- </DT
-><DD
-><DL
-><DT
->file server machine
- </DT
-><DD
-><DL
-><DT
->adding/installing,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DT
->removing,
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-></DL
-></DD
-><DT
->local
- </DT
-><DD
-><DL
-><DT
->see local disk</DT
-></DL
-></DD
-></DL
-></DD
-><DT
->Disk attn statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DT
->disk partition
- </DT
-><DD
-><DL
-><DT
->displaying size of single,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->grouping related volumes on,
- <A
-HREF="c667.html#Header_55"
->Assigning Volume Names</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring usage of,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->moving volumes to reduce overcrowding,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->display layout in scout program window,
- <A
-HREF="c18360.html#HDRWQ329"
->The Layout of the scout Display</A
->
- </DT
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->ACL entries,
- <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ADMIN flag in Authentication Database entry,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS user id and max group id counters,
- <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BOS Server's automatic restart times,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Cache Manager preference ranks for file server machines,
- <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (client),
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (server),
- <A
-HREF="c3025.html#HDRWQ119"
->Distributing the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client interfaces registered with File Server,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->contents of trace log (fstrace),
- <A
-HREF="c18360.html#HDRWQ347"
->Dumping and Clearing the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->counters for AFS UID and AFS GID,
- <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creator of Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data cache size
- </DT
-><DD
-><DL
-><DT
->set at reboot,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DT
->specified in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-></DL
-></DD
-><DT
->data cache size, current,
- <A
-HREF="c21473.html#HDRWQ396"
->To display the cache size set at reboot</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database server machines in server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ119"
->Distributing the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk partition size,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->entries from BosConfig file,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-creation quota in Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups owned by a user or group,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups to which user or machine belongs,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->KeyFile file,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->log files for server processes,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->members of group,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->membership count in Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount point,
- <A
-HREF="c8420.html#HDRWQ211"
->To display a mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->owner of Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privacy flags on Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entries (all),
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key from Authentication Database,
- <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption keys in KeyFile file,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server entries from VLDB,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process status,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->state of event set (fstrace),
- <A
-HREF="c18360.html#HDRWQ346"
->Displaying the State of a Trace Log or Event Set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->state of trace log (fstrace),
- <A
-HREF="c18360.html#Header_384"
->To display the state of an event set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system:administrators group members,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tape label (Backup System),
- <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->time stamp on binary file,
- <A
-HREF="c3025.html#Header_132"
->To revert to the previous version of binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UserList file,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VLDB entry
- </DT
-><DD
-><DL
-><DT
->with volume header,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-></DL
-></DD
-><DT
->VLDB entry with volume header,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VLDB server entries,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume header,
- <A
-HREF="c8420.html#HDRWQ219"
->Displaying Volume Headers</A
->
- </DT
-><DD
-><DL
-><DT
->with VLDB entry,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-></DL
-></DD
-><DT
->volume header with VLDB entry,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume information,
- <A
-HREF="c8420.html#HDRWQ216"
->Displaying Information About Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume quota
- </DT
-><DD
-><DL
-><DT
->percent used,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DT
->with volume & partition info,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DT
->with volume size,
- <A
-HREF="c8420.html#Header_252"
->To display percent quota used</A
->
- </DT
-></DL
-></DD
-><DT
->volume size,
- <A
-HREF="c8420.html#Header_252"
->To display percent quota used</A
->,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume's VLDB entry,
- <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->distributed database
- </DT
-><DD
-><DL
-><DT
->see administrative database</DT
-></DL
-></DD
-><DT
->distributed databases,
- <A
-HREF="c667.html#HDRWQ51"
->Configuring Server Machines</A
->
- </DT
-><DT
->distributed file system,
- <A
-HREF="c130.html#HDRWQ9"
->Distributed File Systems</A
->
- </DT
-><DD
-><DL
-><DT
->security issues,
- <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->distribution
- </DT
-><DD
-><DL
-><DT
->of CellServDB file (server),
- <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->of databases,
- <A
-HREF="c667.html#HDRWQ51"
->Configuring Server Machines</A
->,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->dormant (state of fstrace event set),
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DT
->dumb terminal
- </DT
-><DD
-><DL
-><DT
->use in scout program,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use with afsmonitor,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->dump (Backup System)
- </DT
-><DD
-><DL
-><DT
->appended
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c15383.html#HDRWQ299"
->Appending Dumps to an Existing Dump Set</A
->
- </DT
-></DL
-></DD
-><DT
->appended, defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating Backup Database record,
- <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying Backup Database record,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->full, defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ID number, described,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ID number, displaying,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->incremental, defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->initial, defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->label, described,
- <A
-HREF="c12776.html#HDRWQ254"
->Tape Labels, Dump Labels, and EOF Markers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->name, described,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->parent, defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->set
- </DT
-><DD
-><DL
-><DT
->see dump set</DT
-></DL
-></DD
-></DL
-></DD
-><DT
->dump hierarchy (Backup System)
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c12776.html#HDRWQ267"
->Defining and Displaying the Dump Hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->described,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_302"
->To delete a dump level from the dump hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump level
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-></DL
-></DD
-><DT
->dump levels
- </DT
-><DD
-><DL
-><DT
->adding,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-><DT
->deleting,
- <A
-HREF="c12776.html#Header_301"
->To change a dump level's expiration date</A
->
- </DT
-></DL
-></DD
-><DT
->expiration date on dump level
- </DT
-><DD
-><DL
-><DT
->described,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-></DL
-></DD
-><DT
->expiration dates,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-><DT
->assigning to dump levels,
- <A
-HREF="c12776.html#HDRWQ267"
->Defining and Displaying the Dump Hierarchy</A
->
- </DT
-><DT
->changing,
- <A
-HREF="c12776.html#Header_300"
->To add a dump level to the dump hierarchy</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->dump ID number (Backup System)
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c15383.html#HDRWQ302"
->Displaying Backup Dump Records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->dump ID numbers (Backup System),
- <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->
- </DT
-><DT
->dump levels
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->expiration dates,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-><DT
->changing,
- <A
-HREF="c12776.html#Header_300"
->To add a dump level to the dump hierarchy</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-></DL
-></DD
-><DT
->in Backup Database
- </DT
-><DD
-><DL
-><DT
->adding,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-><DT
->deleting,
- <A
-HREF="c12776.html#Header_301"
->To change a dump level's expiration date</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_302"
->To delete a dump level from the dump hierarchy</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->dump set (Backup System)
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c12776.html#Header_274"
->Dumps and Dump Sets</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deleting from Backup Database,
- <A
-HREF="c15383.html#HDRWQ320"
->To repair corruption in the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->full dumps,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->incremental dumps,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->dumping
- </DT
-><DD
-><DL
-><DT
->Backup Database to tape,
- <A
-HREF="c15383.html#HDRWQ316"
->Maintaining the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump ID numbers,
- <A
-HREF="c15383.html#HDRWQ298"
->How Your Configuration Choices Influence the Dump Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->full dumps,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->incremental dumps,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->trace log contents (fstrace),
- <A
-HREF="c18360.html#HDRWQ347"
->Dumping and Clearing the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volumes
- </DT
-><DD
-><DL
-><DT
->reasons,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DT
->using vos command,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DT
->without using AFS Backup System,
- <A
-HREF="c8420.html#HDRWQ240"
->Dumping and Restoring Volumes</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->dynamic kernel loader programs
- </DT
-><DD
-><DL
-><DT
->directory for AFS library files,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN39487"
->E</A
-></H2
-><DL
-><DT
->E instruction
- </DT
-><DD
-><DL
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->editing
- </DT
-><DD
-><DL
-><DT
->NetInfo file (client version),
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetInfo file (server version),
- <A
-HREF="c3025.html#HDRWQ138"
->Managing Server IP Addresses and VLDB Server Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetRestrict file (client version),
- <A
-HREF="c21473.html#Header_477"
->To create or edit the client NetInfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetRestrict file (server version),
- <A
-HREF="c3025.html#Header_156"
->To create or edit the server NetInfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->election of Ubik coordinator,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DT
->emergency
- </DT
-><DD
-><DL
-><DT
->server encryption keys mismatched,
- <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->enabling authorization checking,
- <A
-HREF="c3025.html#HDRWQ126"
->To disable authorization checking on a server machine</A
->
- </DT
-><DT
->encrypted network communication,
- <A
-HREF="c667.html#HDRWQ72"
->Some Important Security Features</A
->
- </DT
-><DT
->entering
- </DT
-><DD
-><DL
-><DT
->kas interactive mode,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->entry in VLDB
- </DT
-><DD
-><DL
-><DT
->displaying, with volume header,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for volume,
- <A
-HREF="c8420.html#HDRWQ180"
->Volume Information in the VLDB</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->locking/unlocking,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->environment
- </DT
-><DD
-><DL
-><DT
->types compared,
- <A
-HREF="c130.html#HDRWQ8"
->Networks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->erasing
- </DT
-><DD
-><DL
-><DT
->all ACL entries,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->etc/exports file,
- <A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
->
- </DT
-><DT
->etc/fstab file
- </DT
-><DD
-><DL
-><DT
->see file systems registry file</DT
-></DL
-></DD
-><DT
->event set (fstrace)
- </DT
-><DD
-><DL
-><DT
->cm,
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying state,
- <A
-HREF="c18360.html#HDRWQ346"
->Displaying the State of a Trace Log or Event Set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->persistence,
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c18360.html#Header_381"
->To configure the trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->events
- </DT
-><DD
-><DL
-><DT
->auditing AFS on AIX server machines,
- <A
-HREF="c18360.html#HDRWQ354"
->Auditing AFS Events on AIX File Servers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->examples
- </DT
-><DD
-><DL
-><DT
->library files for package,
- <A
-HREF="c23832.html#Header_505"
->Example Library File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->prototype files for package,
- <A
-HREF="c23832.html#HDRWQ428"
->An Example Prototype File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scout program display,
- <A
-HREF="c18360.html#HDRWQ336"
->Example Commands and Displays</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->executing
- </DT
-><DD
-><DL
-><DT
->command using uss template line,
- <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->expiration dates,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-><DT
->absolute,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing,
- <A
-HREF="c12776.html#Header_300"
->To add a dump level to the dump hierarchy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->relative,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c12776.html#HDRWQ270"
->Defining Expiration Dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN39581"
->F</A
-></H2
-><DL
-><DT
->F instruction
- </DT
-><DD
-><DL
-><DT
->package configuration file,
- <A
-HREF="c23832.html#HDRWQ431"
->Defining a Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->failure
- </DT
-><DD
-><DL
-><DT
->of file storage due to full partition,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->of uss account creation
- </DT
-><DD
-><DL
-><DT
->recovering from,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->Fetch statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DT
->file
- </DT
-><DD
-><DL
-><DT
->creating standard ones in new user account,
- <A
-HREF="c667.html#Header_72"
->Making a Backup Version of User Volumes Available</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with package,
- <A
-HREF="c23832.html#HDRWQ431"
->Defining a Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->,
- <A
-HREF="c24913.html#HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing from data cache on client machine,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->overwritten by uss if exists,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->required on client machine local disk,
- <A
-HREF="c667.html#HDRWQ54"
->Configuring Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->file extension
- </DT
-><DD
-><DL
-><DT
->.BAK,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->.OLD,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->File Server
- </DT
-><DD
-><DL
-><DT
->as part of fs process,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client interfaces registered,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->collecting data with xstat data collection facility,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CPS requested from Protection Server,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ18"
->The File Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log file,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->interfaces registered in VLDB
- </DT
-><DD
-><DL
-><DT
->listed in sysid file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-></DL
-></DD
-><DT
->interfaces registered in VLDB server entry,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring with scout program,
- <A
-HREF="c18360.html#HDRWQ333"
->Highlighting Server Outages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of NetInfo file,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of NetRestrict file,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of sysid file,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat data collection facility libraries,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat data collections,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat example commands,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_fs_test example command,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->file server machine,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-><DD
-><DL
-><DT
->Cache Manager preference ranks for,
- <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration files in /usr/afs/local,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->core files in /usr/afs/logs,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database files in /usr/afs/db,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk
- </DT
-><DD
-><DL
-><DT
->adding/installing,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DT
->removing,
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-></DL
-></DD
-><DT
->displaying log files,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->installing command and process binaries,
- <A
-HREF="c3025.html#HDRWQ110"
->Installing Server Process Software</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->log files in /usr/afs/logs,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring outages of,
- <A
-HREF="c18360.html#HDRWQ333"
->Highlighting Server Outages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->partitions, naming,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rebooting, about,
- <A
-HREF="c667.html#Header_62"
->Configuring Partitions to Store AFS Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoring partitions using Backup System,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->salvaging volumes,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->file server probe interval
- </DT
-><DD
-><DL
-><DT
->setting for a client machine,
- <A
-HREF="c21473.html#HDRWQ410"
->Setting the File Server Probe Interval</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->file storage
- </DT
-><DD
-><DL
-><DT
->failed due to partition crowding,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->file system
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c130.html#HDRWQ9"
->Distributed File Systems</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring activity,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->salvager
- </DT
-><DD
-><DL
-><DT
->see Salvager</DT
-></DL
-></DD
-></DL
-></DD
-><DT
->file systems registry file
- </DT
-><DD
-><DL
-><DT
->adding new disk to file server machine,
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing disk from file server machine,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->file tree
- </DT
-><DD
-><DL
-><DT
->conventions
- </DT
-><DD
-><DL
-><DT
->for configuring,
- <A
-HREF="c667.html#HDRWQ40"
->Granting and Denying Foreign Users Access to Your Cell</A
->
- </DT
-><DT
->third level,
- <A
-HREF="c667.html#HDRWQ42"
->The Second (Cellname) Level</A
->
- </DT
-></DL
-></DD
-><DT
->creating volumes to match top level directories,
- <A
-HREF="c667.html#HDRWQ43"
->The Third Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->FileLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->files
- </DT
-><DD
-><DL
-><DT
->/usr/afs/etc/KeyFile,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS initialization script,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS libraries used by dynamic kernel loader programs,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->afsd,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->afszcm.cat,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AuthLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup command binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BackupLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bdb.DB0,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bdb.DBSYS1,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bos command binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BosConfig,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BosLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bosserver binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->buserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cacheinfo,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CacheItems,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB (client),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB (server),
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->,
- <A
-HREF="c3025.html#Header_138"
->To display an AFS binary's build level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (client),
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB.local,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CFG_<device_name>,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log files,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->exports,
- <A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file systems registry (fstab),
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->FileLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fileserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fms.log,
- <A
-HREF="c12776.html#HDRWQ259"
->To run the fms command on a noncompressing tape device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->FORCESALVAGE,
- <A
-HREF="c3025.html#HDRWQ89"
->Volume Headers on Server Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->global CellServDB,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kas command binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kaserver binary file,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kaserver.DB0,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kaserver.DBSYS1,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->KeyFile,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetInfo (client version),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetInfo (server version),
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetRestrict (client version),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->,
- <A
-HREF="c21473.html#Header_477"
->To create or edit the client NetInfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NetRestrict (server version),
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NoAuth,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ntpd,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ntpdc,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->package Makefile,
- <A
-HREF="c23832.html#HDRWQ438"
->The Package Makefile File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->prdb.DB0,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->prdb.DBSYS1,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts command binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ptserver binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runntp,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->SALVAGE.fs,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->salvage.lock,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->SalvageLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->salvager,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server configuration, in /usr/afs/etc directory,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->sysid,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tapeconfig,
- <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ThisCell (client),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ThisCell (server),
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->udebug,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->upclient,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->upserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UserList,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->V.vol_ID.vol,
- <A
-HREF="c3025.html#HDRWQ89"
->Volume Headers on Server Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vldb.DB0,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vldb.DBSYS1,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VLLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vlserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Vn,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VolserLog,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VolumeItems,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vos command binary,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fileserver
- </DT
-><DD
-><DL
-><DT
->see File Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->flexible synchronization site (Ubik),
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DT
->flushing
- </DT
-><DD
-><DL
-><DT
->data cache on client machine,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fms command,
- <A
-HREF="c12776.html#HDRWQ259"
->To run the fms command on a noncompressing tape device</A
->
- </DT
-><DT
->fms.log file,
- <A
-HREF="c12776.html#HDRWQ259"
->To run the fms command on a noncompressing tape device</A
->
- </DT
-><DT
->FORCESALVAGE file,
- <A
-HREF="c3025.html#HDRWQ89"
->Volume Headers on Server Partitions</A
->
- </DT
-><DT
->foreign cell,
- <A
-HREF="c130.html#HDRWQ11"
->Cells</A
->
- </DT
-><DD
-><DL
-><DT
->making local cell visible,
- <A
-HREF="c667.html#HDRWQ37"
->What the Global Namespace Looks Like</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->making visible in local cell,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->format of CellServDB file (client),
- <A
-HREF="c21473.html#HDRWQ407"
->The Format of the CellServDB file</A
->
- </DT
-><DT
->fs commands
- </DT
-><DD
-><DL
-><DT
->checkservers,
- <A
-HREF="c21473.html#Header_461"
->To set a client's file server probe interval</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->checkvolumes,
- <A
-HREF="c21473.html#Header_467"
->To flush all data from a volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cleanacl,
- <A
-HREF="c31274.html#HDRWQ579"
->Removing Obsolete AFS IDs from ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copyacl,
- <A
-HREF="c31274.html#HDRWQ577"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examine,
- <A
-HREF="c8420.html#HDRWQ224"
->To display the name of the volume that contains a file</A
->,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->exportafs,
- <A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flush,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushmount,
- <A
-HREF="c21473.html#Header_468"
->To force the Cache Manager to notice other volume changes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushvolume,
- <A
-HREF="c21473.html#Header_466"
->To flush certain files or directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getcacheparms,
- <A
-HREF="c21473.html#HDRWQ396"
->To display the cache size set at reboot</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getcellstatus,
- <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getclientaddrs,
- <A
-HREF="c21473.html#Header_478"
->To create or edit the client NetRestrict file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getserverprefs,
- <A
-HREF="c21473.html#Header_473"
->Displaying and Setting Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting privilege for,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listacl,
- <A
-HREF="c31274.html#HDRWQ572"
->Displaying ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listcells,
- <A
-HREF="c21473.html#Header_454"
->To display the /usr/vice/etc/CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listquota,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->,
- <A
-HREF="c8420.html#Header_252"
->To display percent quota used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->lsmount,
- <A
-HREF="c8420.html#HDRWQ211"
->To display a mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->messages,
- <A
-HREF="c21473.html#HDRWQ416"
->Controlling the Display of Warning and Informational Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mkmount
- </DT
-><DD
-><DL
-><DT
->for read/write volume,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DT
->general instructions,
- <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->
- </DT
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DT
->when creating user account,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DT
->when mounting backup volume,
- <A
-HREF="c8420.html#HDRWQ205"
->To create and mount a backup volume</A
->
- </DT
-><DT
->when renaming volume,
- <A
-HREF="c8420.html#HDRWQ246"
->To rename a volume</A
->
- </DT
-><DT
->when restoring volume,
- <A
-HREF="c8420.html#HDRWQ242"
->To restore a dump into a new volume and mount it</A
->
- </DT
-></DL
-></DD
-><DT
->mutual authentication, bypassing,
- <A
-HREF="c3025.html#HDRWQ129"
->To bypass mutual authentication for bos, kas, pts, and vos commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->newcell,
- <A
-HREF="c21473.html#Header_456"
->To change the list of a cell's database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->quota,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rmmount,
- <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->
- </DT
-><DD
-><DL
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DT
->when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DT
->when removing volume,
- <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->
- </DT
-><DT
->when renaming volume,
- <A
-HREF="c8420.html#HDRWQ246"
->To rename a volume</A
->
- </DT
-></DL
-></DD
-><DT
->setacl,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-><DT
->with -clear flag,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DT
->with -negative flag,
- <A
-HREF="c31274.html#HDRWQ574"
->To add, remove, or edit normal ACL permissions</A
->
- </DT
-></DL
-></DD
-><DT
->setcachesize,
- <A
-HREF="c21473.html#HDRWQ398"
->To edit the cacheinfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setcell,
- <A
-HREF="c21473.html#Header_458"
->To determine a cell's setuid status</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setclientaddrs,
- <A
-HREF="c21473.html#Header_479"
->To display the list of addresses from kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setquota,
- <A
-HREF="c8420.html#Header_250"
->To set quota for a single volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setserverprefs,
- <A
-HREF="c21473.html#Header_474"
->To display server preference ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setvol,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->storebehind
- </DT
-><DD
-><DL
-><DT
->displaying asynchrony for specific files,
- <A
-HREF="c21473.html#Header_489"
->To display the default store asynchrony</A
->
- </DT
-><DT
->displaying default asynchrony,
- <A
-HREF="c21473.html#Header_488"
->To set the store asynchrony for one or more files</A
->
- </DT
-><DT
->setting asynchrony for specific files,
- <A
-HREF="c21473.html#Header_487"
->To set the default store asynchrony</A
->
- </DT
-><DT
->setting default asynchrony,
- <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->
- </DT
-></DL
-></DD
-><DT
->sysname,
- <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->whereis,
- <A
-HREF="c8420.html#HDRWQ225"
->To display the ID number of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fs process,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fs server process
- </DT
-><DD
-><DL
-><DT
->defining in BosConfig file,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fs-type server process
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fsck command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS version,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fstab file
- </DT
-><DD
-><DL
-><DT
->see file systems registry file</DT
-></DL
-></DD
-><DT
->fstrace commands
- </DT
-><DD
-><DL
-><DT
->clear,
- <A
-HREF="c18360.html#Header_387"
->To dump the contents of a trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump,
- <A
-HREF="c18360.html#HDRWQ347"
->Dumping and Clearing the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->example of use,
- <A
-HREF="c18360.html#Header_388"
->To clear the contents of a trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->lslog,
- <A
-HREF="c18360.html#Header_384"
->To display the state of an event set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->lsset,
- <A
-HREF="c18360.html#HDRWQ346"
->Displaying the State of a Trace Log or Event Set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege requirements,
- <A
-HREF="c18360.html#HDRWQ343"
->Requirements for Using the fstrace Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setlog,
- <A
-HREF="c18360.html#HDRWQ344"
->Activating the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setset,
- <A
-HREF="c18360.html#Header_381"
->To configure the trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->fsync system call
- </DT
-><DD
-><DL
-><DT
->for files saved on AFS client,
- <A
-HREF="c667.html#HDRWQ32"
->Creating Hard Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for files saved on NFS client,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ftpd command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->full dump,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-><DT
->creating using vos command,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->full restores,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40070"
->G</A
-></H2
-><DL
-><DT
->global namespace,
- <A
-HREF="c667.html#HDRWQ35"
->Why Choosing the Appropriate Cell Name is Important</A
->
- </DT
-><DT
->granting
- </DT
-><DD
-><DL
-><DT
->file access by setting ACL,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege for backup commands,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege for bos commands,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege for fs commands,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege for kas commands,
- <A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
->,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege for pts commands,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege for vos commands,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->group
- </DT
-><DD
-><DL
-><DT
->ACL entry, usefulness of,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS GID,
- <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS GID, assigning,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creation quota
- </DT
-><DD
-><DL
-><DT
->see quota</DT
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ21"
->The Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group use,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups owned, displaying,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->members, adding,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->members, displaying,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->members, removing,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->membership of machine or user, displaying,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->name, assigning,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->orphaned, displaying,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->owned by user or group, displaying,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->owner
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying for all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->privacy flags,
- <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privacy flags on Protection Database entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#Header_622"
->To set group-creation quota</A
->
- </DT
-></DL
-></DD
-><DT
->private use,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->deleting,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DT
->name, changing,
- <A
-HREF="c29323.html#HDRWQ555"
->To change a group's owner</A
->
- </DT
-></DL
-></DD
-><DT
->Protection Database entry, creating,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entry, described,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->regular and prefix-less, defined,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restrictions,
- <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rules for naming,
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->self-owned, creating,
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shared use,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system,
- <A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system-defined,
- <A
-HREF="c667.html#HDRWQ61"
->Using AFS Protection Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system-defined on ACLs,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using effectively,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->group use of group,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DT
->groups command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40174"
->H</A
-></H2
-><DL
-><DT
->handling
- </DT
-><DD
-><DL
-><DT
->server encryption key emergency,
- <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->hard link
- </DT
-><DD
-><DL
-><DT
->AFS restrictions on,
- <A
-HREF="c667.html#Header_38"
->The AFS version of the fsck Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->overwritten by uss if exists,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->highlighting statistics in scout display
- </DT
-><DD
-><DL
-><DT
->setting thresholds,
- <A
-HREF="c18360.html#HDRWQ335"
->To start the scout program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of reverse video,
- <A
-HREF="c18360.html#HDRWQ332"
->Highlighting Significant Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40194"
->I</A
-></H2
-><DL
-><DT
->i ACL permission,
- <A
-HREF="c31274.html#HDRWQ568"
->The Four Directory Permissions</A
->
- </DT
-><DT
->identifying
- </DT
-><DD
-><DL
-><DT
->binary distribution machine,
- <A
-HREF="c3025.html#HDRWQ96"
->To locate the system control machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database server machine,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->roles taken by server machine,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->simple file server machine,
- <A
-HREF="c3025.html#HDRWQ97"
->To locate the binary distribution machine for a system type</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system control machine,
- <A
-HREF="c3025.html#HDRWQ95"
->To locate database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->inactive (state of fstrace event set),
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DT
->incremental dump
- </DT
-><DD
-><DL
-><DT
->creating using vos command,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with Backup System,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->inetd command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->initialization script for AFS,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DT
->initializing
- </DT
-><DD
-><DL
-><DT
->scout program,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->insert ACL permission
- </DT
-><DD
-><DL
-><DT
->see i ACL permission</DT
-></DL
-></DD
-><DT
->installing
- </DT
-><DD
-><DL
-><DT
->disk on file server machine,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server binaries,
- <A
-HREF="c3025.html#HDRWQ110"
->Installing Server Process Software</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process binaries, about,
- <A
-HREF="c3025.html#HDRWQ109"
->To restore an administrative database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->intention flag in VLDB entry,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DT
->interactive mode (Backup System)
- </DT
-><DD
-><DL
-><DT
->entering,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->exiting,
- <A
-HREF="c15383.html#Header_325"
->To enter interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->features,
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->operations
- </DT
-><DD
-><DL
-><DT
->canceling pending/running,
- <A
-HREF="c15383.html#HDRWQ289"
->To display pending or running jobs in interactive mode</A
->
- </DT
-><DT
->displaying pending/running,
- <A
-HREF="c15383.html#Header_326"
->To exit interactive mode</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->interactive mode (kas commands),
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DT
->Internet
- </DT
-><DD
-><DL
-><DT
->conventions for cell name,
- <A
-HREF="c667.html#Header_41"
->Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Network Information Center,
- <A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40270"
->J</A
-></H2
-><DL
-><DT
->job ID numbers (Backup System),
- <A
-HREF="c15383.html#HDRWQ288"
->Using Interactive and Regular Command Mode</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c15383.html#Header_326"
->To exit interactive mode</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->operations
- </DT
-><DD
-><DL
-><DT
->canceling,
- <A
-HREF="c15383.html#HDRWQ289"
->To display pending or running jobs in interactive mode</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40280"
->K</A
-></H2
-><DL
-><DT
->k ACL permission,
- <A
-HREF="c31274.html#HDRWQ569"
->The Three File Permissions</A
->
- </DT
-><DT
->kas commands
- </DT
-><DD
-><DL
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->create,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DD
-><DL
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->delete
- </DT
-><DD
-><DL
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DT
->when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-></DL
-></DD
-><DT
->examine
- </DT
-><DD
-><DL
-><DT
->to display ADMIN flag,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-></DL
-></DD
-><DT
->examine, to inspect afs key,
- <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting privilege for,
- <A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->interactive,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mutual authentication, bypassing,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setfields,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-><DT
->limiting failed authentication attempts,
- <A
-HREF="c27596.html#HDRWQ515"
->Improving Password and Authentication Security</A
->
- </DT
-><DT
->prohibiting password reuse,
- <A
-HREF="c27596.html#Header_587"
->To set password lifetime</A
->
- </DT
-><DT
->setting ADMIN flag,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DT
->setting password lifetime,
- <A
-HREF="c27596.html#Header_586"
->To unlock a locked user account</A
->
- </DT
-></DL
-></DD
-><DT
->setpassword,
- <A
-HREF="c667.html#Header_83"
->Changing Passwords</A
->,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->,
- <A
-HREF="c20494.html#HDRWQ363"
->To add a new server encryption key</A
->,
- <A
-HREF="c27596.html#HDRWQ516"
->Changing AFS Passwords</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setpassword , when handling key emergency,
- <A
-HREF="c20494.html#Header_430"
->To create a new server encryption key in emergencies</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->unlock,
- <A
-HREF="c27596.html#Header_586"
->To unlock a locked user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->kaserver process
- </DT
-><DD
-><DL
-><DT
->see Authentication Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->kaserver.DB0 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->kaserver.DBSYS1 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->Kerberos
- </DT
-><DD
-><DL
-><DT
->support for in AFS,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of usernames,
- <A
-HREF="c130.html#HDRWQ20"
->The Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->kernel memory (client)
- </DT
-><DD
-><DL
-><DT
->CellServDB file, reading into,
- <A
-HREF="c21473.html#HDRWQ406"
->Maintaining Knowledge of Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->key version number
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->KeyFile file
- </DT
-><DD
-><DL
-><DT
->adding server encryption key,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->function of,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing server encryption key,
- <A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->storage site for server encryption keys,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->klog command,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-><DT
->limiting failed attempts,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when handling key emergency,
- <A
-HREF="c20494.html#HDRWQ375"
->Reenabling Authorization Checking in an Emergency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->with -setpag flag,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->klog.krb command,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DT
->knfs command,
- <A
-HREF="a33047.html#HDRWQ612"
->Authenticating on Unsupported NFS Client Machines</A
->
- </DT
-><DT
->kpasswd command,
- <A
-HREF="c667.html#Header_83"
->Changing Passwords</A
->,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DT
->kpwvalid program,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DT
->kvno
- </DT
-><DD
-><DL
-><DT
->see key version number</DT
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40390"
->L</A
-></H2
-><DL
-><DT
->l ACL permission,
- <A
-HREF="c31274.html#HDRWQ568"
->The Four Directory Permissions</A
->
- </DT
-><DT
->L instruction
- </DT
-><DD
-><DL
-><DT
->package configuration file,
- <A
-HREF="c23832.html#HDRWQ432"
->Defining a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->learning
- </DT
-><DD
-><DL
-><DT
->volume ID
- </DT
-><DD
-><DL
-><DT
->given directory/file name,
- <A
-HREF="c8420.html#HDRWQ224"
->To display the name of the volume that contains a file</A
->
- </DT
-><DT
->given volume name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->volume location
- </DT
-><DD
-><DL
-><DT
->given directory/file name,
- <A
-HREF="c8420.html#HDRWQ225"
->To display the ID number of the volume that contains a file</A
->
- </DT
-><DT
->given volume name/ID number,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->volume name
- </DT
-><DD
-><DL
-><DT
->given directory/file name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DT
->given volume ID number,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->length restriction on volume names,
- <A
-HREF="c8420.html#HDRWQ184"
->About Volume Names</A
->
- </DT
-><DT
->library files in package,
- <A
-HREF="c23832.html#HDRWQ427"
->Example Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-><DT
->constructing,
- <A
-HREF="c23832.html#HDRWQ437"
->Constructing Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examples,
- <A
-HREF="c23832.html#Header_505"
->Example Library File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->libxstat_cm.a library,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-><DT
->data collections,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->example command using,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->obtaining more information,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->routines,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_cm_test example command,
- <A
-HREF="c18360.html#Header_403"
->To use the example xstat_fs_test command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->libxstat_fs.a library,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-><DT
->data collections,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->example command using,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->obtaining more information,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->routines,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_fs_test example command,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->listing
- </DT
-><DD
-><DL
-><DT
->tokens held by issuer,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ln command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->local cell,
- <A
-HREF="c130.html#HDRWQ11"
->Cells</A
->
- </DT
-><DD
-><DL
-><DT
->granting foreign users access to,
- <A
-HREF="c667.html#HDRWQ39"
->Making Other Cells Visible in Your Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->making foreign cells visible in,
- <A
-HREF="c667.html#HDRWQ38"
->Making Your Cell Visible to Others</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->making visible to foreign cells,
- <A
-HREF="c667.html#HDRWQ37"
->What the Global Namespace Looks Like</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->local configuration files (server),
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DT
->local disk
- </DT
-><DD
-><DL
-><DT
->configuring on client, using package,
- <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->files required on client machine,
- <A
-HREF="c667.html#HDRWQ54"
->Configuring Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->protecting on file server machine,
- <A
-HREF="c667.html#HDRWQ52"
->Replicating the AFS Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->local password file
- </DT
-><DD
-><DL
-><DT
->creating common source version with uss,
- <A
-HREF="c24913.html#HDRWQ457"
->Specifying Passwords in the Local Password File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating entry for AFS user
- </DT
-><DD
-><DL
-><DT
->with manual account creation,
- <A
-HREF="c27596.html#HDRWQ492"
->Summary of Instructions</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-></DL
-></DD
-><DT
->setting password in
- </DT
-><DD
-><DL
-><DT
->with manual account creation,
- <A
-HREF="c27596.html#HDRWQ496"
->Assigning AFS and UNIX UIDs that Match</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ456"
->Assigning AFS and UNIX UIDs that Match</A
->
- </DT
-></DL
-></DD
-><DT
->when not using AFS-modified login utility,
- <A
-HREF="c667.html#HDRWQ65"
->Using an AFS-modified login Utility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when using AFS--modified login utility,
- <A
-HREF="c667.html#HDRWQ65"
->Using an AFS-modified login Utility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->location
- </DT
-><DD
-><DL
-><DT
->setting for client,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->standard for uss template file,
- <A
-HREF="c24913.html#HDRWQ465"
->Using Constants and Variables in the Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->lock ACL permission
- </DT
-><DD
-><DL
-><DT
->see k ACL permission</DT
-></DL
-></DD
-><DT
->locked VLDB entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->unlocking,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->locking
- </DT
-><DD
-><DL
-><DT
->VLDB entry,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->log files
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fms.log,
- <A
-HREF="c12776.html#HDRWQ259"
->To run the fms command on a noncompressing tape device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for replicated databases,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->for server processes,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->login
- </DT
-><DD
-><DL
-><DT
->limiting failed attempts,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->login utility
- </DT
-><DD
-><DL
-><DT
->AFS version,
- <A
-HREF="c667.html#HDRWQ64"
->Identifying AFS Tokens by PAG</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS version's interaction with local password file,
- <A
-HREF="c667.html#HDRWQ65"
->Using an AFS-modified login Utility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->lookup ACL permission
- </DT
-><DD
-><DL
-><DT
->see l ACL permission</DT
-></DL
-></DD
-><DT
->lost+found directory,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40545"
->M</A
-></H2
-><DL
-><DT
->machine
- </DT
-><DD
-><DL
-><DT
->adding to group,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID, assigning,
- <A
-HREF="c29323.html#HDRWQ541"
->To display all Protection Database entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group memberships
- </DT
-><DD
-><DL
-><DT
->displaying number,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-></DL
-></DD
-><DT
->group memberships, displaying,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privacy flags on Protection Database entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#Header_622"
->To set group-creation quota</A
->
- </DT
-></DL
-></DD
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->deleting,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DT
->name, changing,
- <A
-HREF="c29323.html#HDRWQ555"
->To change a group's owner</A
->
- </DT
-></DL
-></DD
-><DT
->Protection Database entry, creating,
- <A
-HREF="c29323.html#HDRWQ541"
->To display all Protection Database entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entry, described,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from group,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mainframe
- </DT
-><DD
-><DL
-><DT
->computing environment,
- <A
-HREF="c130.html#HDRWQ8"
->Networks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->maintaining
- </DT
-><DD
-><DL
-><DT
->CellServDB file (client),
- <A
-HREF="c21473.html#HDRWQ408"
->Maintaining the Client CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->synchrony of VLDB with volume headers,
- <A
-HREF="c8420.html#HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->majority
- </DT
-><DD
-><DL
-><DT
->defined for Ubik,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Makefile for package,
- <A
-HREF="c23832.html#HDRWQ438"
->The Package Makefile File</A
->
- </DT
-><DD
-><DL
-><DT
->modifying,
- <A
-HREF="c23832.html#HDRWQ445"
->Modifying the Makefile</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mapping
- </DT
-><DD
-><DL
-><DT
->AFS ID to group, machine, or username,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group name to AFS GID,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->machine name to AFS UID,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->username to AFS UID,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->max group id counter (Protection Database)
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->max user id counter (Protection Database)
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->maximum volume quota,
- <A
-HREF="c8420.html#Header_250"
->To set quota for a single volume</A
->
- </DT
-><DT
->MaxQuota field in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->members
- </DT
-><DD
-><DL
-><DT
->group, adding,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group, displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group, removing,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->membership
- </DT
-><DD
-><DL
-><DT
->system groups,
- <A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->memory state of BOS Server,
- <A
-HREF="c6449.html#HDRWQ155"
->How the BOS Server Uses the Information in the BosConfig File</A
->
- </DT
-><DT
->message line in scout program display,
- <A
-HREF="c18360.html#Header_368"
->The Probe Reporting Line</A
->
- </DT
-><DT
->mode bits (UNIX)
- </DT
-><DD
-><DL
-><DT
->interpretation in AFS,
- <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->modifying
- </DT
-><DD
-><DL
-><DT
->clients to run package,
- <A
-HREF="c23832.html#HDRWQ447"
->Modifying Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->package Makefile,
- <A
-HREF="c23832.html#HDRWQ445"
->Modifying the Makefile</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->monitoring
- </DT
-><DD
-><DL
-><DT
->Cache Manager performance,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Cache Manager processes with afsmonitor,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk usage with scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file server processes with afsmonitor,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file server processes with scout,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->outages with scout program,
- <A
-HREF="c18360.html#HDRWQ333"
->Highlighting Server Outages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server processes,
- <A
-HREF="c6449.html"
->Monitoring and Controlling Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mount command,
- <A
-HREF="a33047.html#Header_682"
->To configure an NFS client machine to access AFS</A
->
- </DT
-><DT
->MOUNT instruction in CFG_device_name file,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DT
->mount point
- </DT
-><DD
-><DL
-><DT
->cellular
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c8420.html#HDRWQ213"
->To create a cellular mount point</A
->
- </DT
-><DT
->described,
- <A
-HREF="c8420.html#HDRWQ210"
->The Three Types of Mount Points</A
->
- </DT
-></DL
-></DD
-><DT
->changing when renaming user,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->choosing name for user volume,
- <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating cellular,
- <A
-HREF="c8420.html#HDRWQ213"
->To create a cellular mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating multiple per volume,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating read/write or regular,
- <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ14"
->Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c8420.html#HDRWQ211"
->To display a mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->distinguishing different types,
- <A
-HREF="c8420.html#HDRWQ211"
->To display a mount point</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing from data cache on client machine,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read/write
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->
- </DT
-><DT
->described,
- <A
-HREF="c8420.html#HDRWQ210"
->The Three Types of Mount Points</A
->
- </DT
-></DL
-></DD
-><DT
->regular
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c8420.html#HDRWQ212"
->To create a regular or read/write mount point</A
->
- </DT
-><DT
->described,
- <A
-HREF="c8420.html#HDRWQ210"
->The Three Types of Mount Points</A
->
- </DT
-></DL
-></DD
-><DT
->removing,
- <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mounting
- </DT
-><DD
-><DL
-><DT
->backup volume,
- <A
-HREF="c8420.html#HDRWQ203"
->Automating Creation of Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk on file server machine,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->foreign volume in local cell,
- <A
-HREF="c8420.html#HDRWQ210"
->The Three Types of Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read-only volume,
- <A
-HREF="c8420.html#HDRWQ193"
->Using Read-only Volumes Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read/write volume,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-><DT
->general instructions,
- <A
-HREF="c8420.html#HDRWQ208"
->Mounting Volumes</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->moving
- </DT
-><DD
-><DL
-><DT
->volume,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mutual authentication,
- <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
->
- </DT
-><DD
-><DL
-><DT
->failure due to mismatched keys,
- <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->preventing,
- <A
-HREF="c3025.html#HDRWQ127"
->To enable authorization checking on a server machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key's role,
- <A
-HREF="c20494.html#Header_412"
->Keys and Mutual Authentication: A Review</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40750"
->N</A
-></H2
-><DL
-><DT
->name
- </DT
-><DD
-><DL
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->changing,
- <A
-HREF="c29323.html#HDRWQ555"
->To change a group's owner</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->NAME_CHECK instruction in CFG_device_name file,
- <A
-HREF="c12776.html#HDRWQ279"
->Enabling Default Responses to Error Conditions</A
->
- </DT
-><DT
->needs salvage status flag in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->negative ACL permissions
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c31274.html#HDRWQ570"
->Using Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NetInfo file (client version),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DT
->NetInfo file (server version),
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-><DT
->creating/editing,
- <A
-HREF="c3025.html#HDRWQ138"
->Managing Server IP Addresses and VLDB Server Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NetRestrict file (client version),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->,
- <A
-HREF="c21473.html#Header_477"
->To create or edit the client NetInfo file</A
->
- </DT
-><DT
->NetRestrict file (server version),
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-><DT
->creating/editing,
- <A
-HREF="c3025.html#Header_156"
->To create or edit the server NetInfo file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->network
- </DT
-><DD
-><DL
-><DT
->as computing environment,
- <A
-HREF="c130.html#HDRWQ8"
->Networks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c130.html#HDRWQ8"
->Networks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->encrypted communication in AFS,
- <A
-HREF="c667.html#HDRWQ72"
->Some Important Security Features</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reducing traffic through caching,
- <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Network Information Center (for Internet),
- <A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
->
- </DT
-><DT
->Network Time Protocol Daemon
- </DT
-><DD
-><DL
-><DT
->see NTPD</DT
-></DL
-></DD
-><DT
->New release
- </DT
-><DD
-><DL
-><DT
->status flag on site definition in VLDB entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->New release site flag in VLDB
- </DT
-><DD
-><DL
-><DT
->as indicator of failed replication,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NFS/AFS Translator,
- <A
-HREF="a33047.html"
->Managing the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-><DT
->AFSCONF environment variable,
- <A
-HREF="a33047.html#HDRWQ601"
->The AFSSERVER Variable</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NoAuth file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-><DT
->creating in emergencies,
- <A
-HREF="c20494.html#HDRWQ373"
->Disabling Authorization Checking in an Emergency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->none shorthand for ACL permissions,
- <A
-HREF="c31274.html#Header_636"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DT
->normal ACL permissions
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c31274.html#HDRWQ570"
->Using Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Not released
- </DT
-><DD
-><DL
-><DT
->status flag on site definition in VLDB entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NotRun status flag in BosConfig file
- </DT
-><DD
-><DL
-><DT
->changing to Run,
- <A
-HREF="c6449.html#HDRWQ166"
->To start processes by changing their status flags to Run</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NTPD,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ27"
->The Network Time Protocol Daemon</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->invoked by runntp process,
- <A
-HREF="c6449.html#HDRWQ151"
->The runntp Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ151"
->The runntp Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ntpdc
- </DT
-><DD
-><DL
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->number variables
- </DT
-><DD
-><DL
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ465"
->Using Constants and Variables in the Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40855"
->O</A
-></H2
-><DL
-><DT
->Off-line status flag in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->Old release
- </DT
-><DD
-><DL
-><DT
->status flag on site definition in VLDB entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Old release site flag in VLDB
- </DT
-><DD
-><DL
-><DT
->as indicator of failed replication,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->OLD version of binary file
- </DT
-><DD
-><DL
-><DT
->created by bos install command,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing obsolete,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->used by bos uninstall command,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->OldFiles directory
- </DT
-><DD
-><DL
-><DT
->as mount point for backup volume,
- <A
-HREF="c8420.html#HDRWQ203"
->Automating Creation of Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->On-line status flag in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->orphaned group,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DT
->outages
- </DT
-><DD
-><DL
-><DT
->BOS Server role in,,
- <A
-HREF="c130.html#HDRWQ19"
->The Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->due to automatic server restart,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->due to server process restart,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->due to Ubik election,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring with scout program,
- <A
-HREF="c18360.html#HDRWQ333"
->Highlighting Server Outages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->overcrowding of disk partition
- </DT
-><DD
-><DL
-><DT
->effect on users,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->moving volumes to reduce,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->overwriting
- </DT
-><DD
-><DL
-><DT
->existing directories/files/links with uss,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->owner
- </DT
-><DD
-><DL
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->changing,
- <A
-HREF="c29323.html#HDRWQ553"
->To delete Protection Database entries</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DT
->rules for assigning,
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN40919"
->P</A
-></H2
-><DL
-><DT
->package
- </DT
-><DD
-><DL
-><DT
->B instruction in configuration file,
- <A
-HREF="c23832.html#HDRWQ433"
->Defining a Symbolic Link</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->C instruction in configuration file,
- <A
-HREF="c23832.html#HDRWQ434"
->Defining a Block Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->compiling prototype files,
- <A
-HREF="c23832.html#HDRWQ424"
->Compiling Prototype Files</A
->,
- <A
-HREF="c23832.html#HDRWQ446"
->Compiling Prototype Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration file instructions,
- <A
-HREF="c23832.html#HDRWQ429"
->Package Configuration File Instruction Syntax</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration files,
- <A
-HREF="c23832.html#HDRWQ424"
->Compiling Prototype Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->constructing prototype and library files,
- <A
-HREF="c23832.html#HDRWQ437"
->Constructing Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->D instruction in configuration file,
- <A
-HREF="c23832.html#HDRWQ430"
->Local Files versus Symbolic Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining block special device in configuration file,
- <A
-HREF="c23832.html#HDRWQ433"
->Defining a Symbolic Link</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining character special device in configuration file,
- <A
-HREF="c23832.html#HDRWQ434"
->Defining a Block Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining directory in configuration file,
- <A
-HREF="c23832.html#HDRWQ430"
->Local Files versus Symbolic Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining file in configuration file,
- <A
-HREF="c23832.html#HDRWQ431"
->Defining a Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining socket in configuration file,
- <A
-HREF="c23832.html#HDRWQ435"
->Defining a Character Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining symbolic link in configuration file,
- <A
-HREF="c23832.html#HDRWQ432"
->Defining a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory structure,
- <A
-HREF="c23832.html#HDRWQ425"
->The package Directory Structure</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->example library files,
- <A
-HREF="c23832.html#Header_505"
->Example Library File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->example prototype files,
- <A
-HREF="c23832.html#HDRWQ427"
->Example Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->F instruction in configuration file,
- <A
-HREF="c23832.html#HDRWQ431"
->Defining a Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->L instruction in configuration file,
- <A
-HREF="c23832.html#HDRWQ432"
->Defining a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->library files,
- <A
-HREF="c23832.html#HDRWQ427"
->Example Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Makefile,
- <A
-HREF="c23832.html#HDRWQ438"
->The Package Makefile File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->modifying clients to run,
- <A
-HREF="c23832.html#HDRWQ447"
->Modifying Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->modifying the Makefile,
- <A
-HREF="c23832.html#HDRWQ445"
->Modifying the Makefile</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->preparing prototype files,
- <A
-HREF="c23832.html#Header_496"
->Preparing Prototype Files</A
->,
- <A
-HREF="c23832.html#Header_505"
->Example Library File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->prototype file,
- <A
-HREF="c23832.html#HDRWQ422"
->Using the package Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->S instruction in configuration file,
- <A
-HREF="c23832.html#HDRWQ435"
->Defining a Character Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->to update client,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->package command,
- <A
-HREF="c23832.html#Header_533"
->To invoke the package program by rebooting</A
->
- </DT
-><DT
->package directory,
- <A
-HREF="c23832.html#HDRWQ447"
->Modifying Client Machines</A
->
- </DT
-><DT
->PAG
- </DT
-><DD
-><DL
-><DT
->creating with klog or pagsh command,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->pagsh command,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DT
->pagsh.krb command,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DT
->participation
- </DT
-><DD
-><DL
-><DT
->in AFS global namespace,
- <A
-HREF="c667.html#HDRWQ35"
->Why Choosing the Appropriate Cell Name is Important</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->partition
- </DT
-><DD
-><DL
-><DT
->housing AFS volumes,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoring contents using Backup System,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoring using Backup System
- </DT
-><DD
-><DL
-><DT
->to a new location,
- <A
-HREF="c15383.html#HDRWQ310"
->Using the backup diskrestore Command</A
->
- </DT
-><DT
->to the same location,
- <A
-HREF="c15383.html#HDRWQ310"
->Using the backup diskrestore Command</A
->
- </DT
-></DL
-></DD
-><DT
->salvaging all volumes,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->passwd file
- </DT
-><DD
-><DL
-><DT
->see local password file</DT
-></DL
-></DD
-><DT
->password
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_35"
->Differences in File and Directory Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing in AFS,
- <A
-HREF="c667.html#Header_83"
->Changing Passwords</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->checking quality of,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->consequences of multiple failed authentication attempts,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->expiration,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->improving security,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->lifetime,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->local password file,
- <A
-HREF="c667.html#HDRWQ65"
->Using an AFS-modified login Utility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restricting reuse,
- <A
-HREF="c667.html#Header_84"
->Imposing Restrictions on Passwords and Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting in Authentication Database,
- <A
-HREF="c27596.html#Header_588"
->To prohibit reuse of passwords</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting in local password file
- </DT
-><DD
-><DL
-><DT
->with manual account creation,
- <A
-HREF="c27596.html#HDRWQ496"
->Assigning AFS and UNIX UIDs that Match</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ456"
->Assigning AFS and UNIX UIDs that Match</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->permissions on ACL
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c31274.html#HDRWQ567"
->The AFS ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->persistent fstrace event set or trace log,
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DT
->personal
- </DT
-><DD
-><DL
-><DT
->computing environment,
- <A
-HREF="c130.html#HDRWQ8"
->Networks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->workstation
- </DT
-><DD
-><DL
-><DT
->as typical AFS machine,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->possible variations
- </DT
-><DD
-><DL
-><DT
->on replication,
- <A
-HREF="c8420.html#Header_216"
->Replication Scenarios</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->prdb.DB0 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->prdb.DBSYS1 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->preferences
- </DT
-><DD
-><DL
-><DT
->setting,
- <A
-HREF="c21473.html#Header_474"
->To display server preference ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->prefix-less group
- </DT
-><DD
-><DL
-><DT
->see group</DT
-></DL
-></DD
-><DT
->preventing
- </DT
-><DD
-><DL
-><DT
->core leaks, with scheduled BOS Server restarts,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mutual authentication,
- <A
-HREF="c3025.html#HDRWQ127"
->To enable authorization checking on a server machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->previewing
- </DT
-><DD
-><DL
-><DT
->user account creation/deletion with uss,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->privacy flags on Protection Database entry,
- <A
-HREF="c667.html#HDRWQ60"
->Creating Standard Files in New AFS Accounts</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c29323.html#Header_622"
->To set group-creation quota</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->private use of group,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DT
->privilege
- </DT
-><DD
-><DL
-><DT
->see administrative privilege</DT
-><DT
->granting for backup commands,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DT
->granting for bos commands,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DT
->granting for fs commands,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DT
->granting for kas commands,
- <A
-HREF="c32432.html#HDRWQ589"
->Granting Privilege for kas Commands: the ADMIN Flag</A
->
- </DT
-><DT
->granting for pts commands,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DT
->granting for vos commands,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DT
->required for afsmonitor program,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DT
->required for fstrace commands,
- <A
-HREF="c18360.html#HDRWQ343"
->Requirements for Using the fstrace Command Suite</A
->
- </DT
-><DT
->required for scout program,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DT
->required for uss commands,
- <A
-HREF="c24913.html#Header_538"
->The Components of an AFS User Account</A
->
- </DT
-></DL
-></DD
-><DT
->privileged commands,
- <A
-HREF="c3025.html#HDRWQ123"
->Managing Authentication and Authorization Requirements</A
->
- </DT
-><DT
->process
- </DT
-><DD
-><DL
-><DT
->lightweight Ubik,
- <A
-HREF="c3025.html#HDRWQ103"
->Configuring the Cell for Proper Ubik Operation</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->status flag in BosConfig file,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->process authentication group
- </DT
-><DD
-><DL
-><DT
->see PAG</DT
-></DL
-></DD
-><DT
->processes
- </DT
-><DD
-><DL
-><DT
->Authentication Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Backup Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BOS Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->File Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->NTPD, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Salvager, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Update Server, binaries in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->VL Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Volume Server, binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->programs
- </DT
-><DD
-><DL
-><DT
->afsd,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bosserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->buserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fileserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kaserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ntpd,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ntpdc,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ptserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runntp,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->salvager,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->udebug,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->upclient,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->upserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vlserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volserver,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->protection
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#HDRWQ30"
->Differences between AFS and UNIX: A Summary</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->in AFS,
- <A
-HREF="c130.html#HDRWQ21"
->The Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->in UNIX,
- <A
-HREF="c130.html#HDRWQ21"
->The Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Protection Database,
- <A
-HREF="c130.html#HDRWQ21"
->The Protection Server</A
->
- </DT
-><DD
-><DL
-><DT
->changing username,
- <A
-HREF="c27596.html#HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creator of entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying for all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->entry name
- </DT
-><DD
-><DL
-><DT
->changing,
- <A
-HREF="c29323.html#HDRWQ555"
->To change a group's owner</A
->
- </DT
-></DL
-></DD
-><DT
->entry, deleting,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group creation quota
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#HDRWQ557"
->To change the name of a machine or group entry</A
->
- </DT
-></DL
-></DD
-><DT
->group entry,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->group entry, creating,
- <A
-HREF="c29323.html#HDRWQ543"
->To create machine entries in the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ID counters, setting,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->machine entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->machine entry, creating,
- <A
-HREF="c29323.html#HDRWQ541"
->To display all Protection Database entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->machine entry, described,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->max user id and max group id counters, displaying and setting,
- <A
-HREF="c29323.html#Header_624"
->To set a Protection Database entry's privacy flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->membership count
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-></DL
-></DD
-><DT
->owner of entry
- </DT
-><DD
-><DL
-><DT
->changing,
- <A
-HREF="c29323.html#HDRWQ554"
->Changing a Group's Owner</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying for all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->privacy flags
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#Header_622"
->To set group-creation quota</A
->
- </DT
-></DL
-></DD
-><DT
->setting
- </DT
-><DD
-><DL
-><DT
->counters for AFS UIDs,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-></DL
-></DD
-><DT
->user entry
- </DT
-><DD
-><DL
-><DT
->creating with pts createuser command,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-><DT
->deleting,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DT
->deleting with uss,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->user entry, described,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->protection of file data
- </DT
-><DD
-><DL
-><DT
->AFS compared to UFSACL,
- <A
-HREF="c31274.html#HDRWQ565"
->Protecting Data in AFS</A
->,
- <A
-HREF="c31274.html#HDRWQ566"
->Differences Between UFS and AFS Data Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->see also: ACL,
- <A
-HREF="c31274.html#HDRWQ565"
->Protecting Data in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Protection Server
- </DT
-><DD
-><DL
-><DT
->about starting and stopping,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as ptserver process,
- <A
-HREF="c6449.html#HDRWQ150"
->The ptserver Process: the Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->building CPS,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ21"
->The Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after adding entry to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after removing entry from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runs on database server machine,
- <A
-HREF="c3025.html#HDRWQ91"
->Simple File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ150"
->The ptserver Process: the Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->prototype files in package
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c23832.html#HDRWQ422"
->Using the package Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->constructing,
- <A
-HREF="c23832.html#HDRWQ437"
->Constructing Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examples,
- <A
-HREF="c23832.html#HDRWQ427"
->Example Prototype and Library Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->preparing,
- <A
-HREF="c23832.html#Header_496"
->Preparing Prototype Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->pts commands
- </DT
-><DD
-><DL
-><DT
->adduser,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-><DT
->for system:administrators group,
- <A
-HREF="c32432.html#Header_657"
->To add users to the system:administrators group</A
->
- </DT
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chown,
- <A
-HREF="c29323.html#HDRWQ554"
->Changing a Group's Owner</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creategroup,
- <A
-HREF="c29323.html#HDRWQ545"
->Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->createuser
- </DT
-><DD
-><DL
-><DT
->machine entry,
- <A
-HREF="c29323.html#HDRWQ542"
->Creating User and Machine Entries</A
->
- </DT
-><DT
->user account,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-></DL
-></DD
-><DT
->delete,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DD
-><DL
-><DT
->when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-></DL
-></DD
-><DT
->examine,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting privilege for,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listentries,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listmax,
- <A
-HREF="c29323.html#HDRWQ560"
->Displaying and Setting the AFS UID and GID Counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listowned,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->membership,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-><DT
->displaying system:administrators group,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-></DL
-></DD
-><DT
->mutual authentication, bypassing,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removeuser,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-><DT
->for system:administrators group,
- <A
-HREF="c32432.html#HDRWQ588"
->To remove users from the system:administrators group</A
->
- </DT
-></DL
-></DD
-><DT
->rename
- </DT
-><DD
-><DL
-><DT
->machine or group name,
- <A
-HREF="c29323.html#HDRWQ556"
->Changing a Protection Database Entry's Name</A
->
- </DT
-><DT
->username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->setfields
- </DT
-><DD
-><DL
-><DT
->setting group creation quota,
- <A
-HREF="c29323.html#HDRWQ558"
->Setting Group-Creation Quota</A
->
- </DT
-><DT
->setting privacy flags,
- <A
-HREF="c29323.html#HDRWQ559"
->Setting the Privacy Flags on Database Entries</A
->
- </DT
-></DL
-></DD
-><DT
->setmax,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ptserver process
- </DT
-><DD
-><DL
-><DT
->see Protection Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN41357"
->Q</A
-></H2
-><DL
-><DT
->quota
- </DT
-><DD
-><DL
-><DT
->group-creation
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#HDRWQ557"
->To change the name of a machine or group entry</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN41366"
->R</A
-></H2
-><DL
-><DT
->r ACL permission,
- <A
-HREF="c31274.html#HDRWQ569"
->The Three File Permissions</A
->
- </DT
-><DT
->RClone field in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->rcp command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->read
- </DT
-><DD
-><DL
-><DT
->ACL permission
- </DT
-><DD
-><DL
-><DT
->see r ACL permission)</DT
-></DL
-></DD
-><DT
->shorthand for ACL permissions,
- <A
-HREF="c31274.html#Header_636"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->read-only volume
- </DT
-><DD
-><DL
-><DT
->changing name of,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-><DT
->instructions,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ178"
->The Three Types of Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining site for in VLDB,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dumping,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ID number in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mounting,
- <A
-HREF="c8420.html#HDRWQ193"
->Using Read-only Volumes Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->moving,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->need for atomic release,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->releasing,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing
- </DT
-><DD
-><DL
-><DT
->effect of,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-></DL
-></DD
-><DT
->selecting site,
- <A
-HREF="c667.html#HDRWQ49"
->Grouping Related Volumes on a Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->read/write mount point
- </DT
-><DD
-><DL
-><DT
->see mount point</DT
-></DL
-></DD
-><DT
->read/write volume
- </DT
-><DD
-><DL
-><DT
->changing name of,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cloning
- </DT
-><DD
-><DL
-><DT
->for backup version,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DT
->for replication,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-></DL
-></DD
-><DT
->creating,
- <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ178"
->The Three Types of Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dumping,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ID number in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mounting,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->moving,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing
- </DT
-><DD
-><DL
-><DT
->effect of,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DT
->instructions,
- <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->
- </DT
-></DL
-></DD
-><DT
->replication instructions,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->types suitable for replication,
- <A
-HREF="c8420.html#HDRWQ193"
->Using Read-only Volumes Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->rebooting
- </DT
-><DD
-><DL
-><DT
->file server machine, limiting,
- <A
-HREF="c667.html#Header_62"
->Configuring Partitions to Store AFS Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server machine, instructions,
- <A
-HREF="c3025.html#Header_160"
->To change a server machine's IP addresses</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->recycling
- </DT
-><DD
-><DL
-><DT
->useCounts of tapes (Backup System),
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->regular expression
- </DT
-><DD
-><DL
-><DT
->Backup System,
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->regular group
- </DT
-><DD
-><DL
-><DT
->see group</DT
-></DL
-></DD
-><DT
->regular mount point
- </DT
-><DD
-><DL
-><DT
->see mount point</DT
-></DL
-></DD
-><DT
->release
- </DT
-><DD
-><DL
-><DT
->status flags on site definitions in VLDB entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->release stage in replication,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DT
->ReleaseClone,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DT
->ReleaseClone volume
- </DT
-><DD
-><DL
-><DT
->ID number in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->releasing
- </DT
-><DD
-><DL
-><DT
->read-only volume,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read-only volume, forcing new cloning,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->read-only volume, need for atomicity,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->remote services
- </DT
-><DD
-><DL
-><DT
->modifications for AFS,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->removing
- </DT
-><DD
-><DL
-><DT
->ACL entry,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ADMIN flag from Authentication Database entry,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->all ACL entries,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->core files from /usr/afs/logs,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database server machine
- </DT
-><DD
-><DL
-><DT
->from client CellServDB file and kernel memory,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DT
->from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-></DL
-></DD
-><DT
->disk from file server machine,
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group members,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount point,
- <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DD
-><DL
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->mount point when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->obsolete .BAK and .OLD version of binaries,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->obsolete AFS IDs from ACL,
- <A
-HREF="c31274.html#Header_647"
->To copy an ACL between directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Protection Database entry,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server encryption key from KeyFile file,
- <A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process from BosConfig file,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system:administrators group members,
- <A
-HREF="c32432.html#HDRWQ588"
->To remove users from the system:administrators group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->trace log contents (fstrace),
- <A
-HREF="c18360.html#Header_387"
->To dump the contents of a trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->user account components,
- <A
-HREF="c27596.html#HDRWQ524"
->Removing a User Account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UserList file users,
- <A
-HREF="c32432.html#Header_665"
->To remove users from the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->renaming
- </DT
-><DD
-><DL
-><DT
->user account components,
- <A
-HREF="c27596.html#HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->replacing
- </DT
-><DD
-><DL
-><DT
->all entries on ACL,
- <A
-HREF="c31274.html#HDRWQ576"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->replicated database files,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DT
->replication
- </DT
-><DD
-><DL
-><DT
->appropriate volumes,
- <A
-HREF="c667.html#HDRWQ49"
->Grouping Related Volumes on a Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS Efficiency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ15"
->Replication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->detailed discussion,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->determining success of,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->forcing creation of new clone,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->need for all-or-nothing release,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->release stage,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->role of ReleaseClone,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->site definition stage,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->suitable types of volumes,
- <A
-HREF="c8420.html#HDRWQ193"
->Using Read-only Volumes Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->variations possible in,
- <A
-HREF="c8420.html#Header_216"
->Replication Scenarios</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->requirements
- </DT
-><DD
-><DL
-><DT
->scout program,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->resetting
- </DT
-><DD
-><DL
-><DT
->disk cache size to default value,
- <A
-HREF="c21473.html#HDRWQ399"
->To change the disk cache size without rebooting</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->resizing
- </DT
-><DD
-><DL
-><DT
->scout display,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->restart time for BOS Server (automatic)
- </DT
-><DD
-><DL
-><DT
->displaying and setting time,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->restart times for BOS Server
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c667.html#Header_62"
->Configuring Partitions to Store AFS Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying and setting,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->restarting
- </DT
-><DD
-><DL
-><DT
->server process
- </DT
-><DD
-><DL
-><DT
->except BOS Server,
- <A
-HREF="c6449.html#Header_193"
->To stop and restart all processes including the BOS Server</A
->
- </DT
-><DT
->including BOS Server,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DT
->when changing authorization checking,
- <A
-HREF="c3025.html#HDRWQ124"
->Authentication versus Authorization</A
->
- </DT
-></DL
-></DD
-><DT
->server processes,
- <A
-HREF="c6449.html#Header_194"
->To stop and immediately restart all processes except the BOS Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->restoring
- </DT
-><DD
-><DL
-><DT
->administrative databases,
- <A
-HREF="c3025.html#HDRWQ108"
->To back up the administrative databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Backup Database from tape,
- <A
-HREF="c15383.html#HDRWQ316"
->Maintaining the Backup Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data
- </DT
-><DD
-><DL
-><DT
->that no longer exists,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-></DL
-></DD
-><DT
->data using Backup System,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->existing data
- </DT
-><DD
-><DL
-><DT
->overwriting,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-><DT
->preserving,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-></DL
-></DD
-><DT
->synchrony of VLDB and volume headers,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volumes without using AFS Backup System,
- <A
-HREF="c8420.html#Header_261"
->About Restoring Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->restrictions
- </DT
-><DD
-><DL
-><DT
->on hard links in AFS,
- <A
-HREF="c667.html#Header_38"
->The AFS version of the fsck Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->on volume names,
- <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->reverse video
- </DT
-><DD
-><DL
-><DT
->use in scout program display,
- <A
-HREF="c18360.html#HDRWQ332"
->Highlighting Significant Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->reverting
- </DT
-><DD
-><DL
-><DT
->to old version of server process and command binaries,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->rlogind command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->roles for server machine,
- <A
-HREF="c3025.html#HDRWQ89"
->Volume Headers on Server Partitions</A
->
- </DT
-><DD
-><DL
-><DT
->determining,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->summary,
- <A
-HREF="c667.html#Header_58"
->The Default Quota and ACL on a New Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ROnly field in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->root directory,
- <A
-HREF="c130.html#HDRWQ14"
->Mount Points</A
->,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-><DT
->root superuser
- </DT
-><DD
-><DL
-><DT
->limiting logins,
- <A
-HREF="c667.html#HDRWQ74"
->Improving Security in Your Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->root volumes (root.afs and root.cell),
- <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->
- </DT
-><DT
->rsh command
- </DT
-><DD
-><DL
-><DT
->AFS compared to UNIX,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c667.html#Header_96"
->The AFS Backup System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->rules
- </DT
-><DD
-><DL
-><DT
->for uss bulk input file,
- <A
-HREF="c24913.html#HDRWQ488"
->Creating and Deleting Multiple Accounts with the uss bulk Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group names, assigning,
- <A
-HREF="c29323.html#HDRWQ546"
->To create groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ468"
->Where to Place Template Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Run status flag in BosConfig file
- </DT
-><DD
-><DL
-><DT
->changing to NotRun,
- <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to NotRun</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->runntp
- </DT
-><DD
-><DL
-><DT
->see NTPD</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->runntp process,
- <A
-HREF="c6449.html#HDRWQ151"
->The runntp Process</A
->
- </DT
-><DT
->RWrite field in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN41708"
->S</A
-></H2
-><DL
-><DT
->S instruction
- </DT
-><DD
-><DL
-><DT
->package configuration file,
- <A
-HREF="c23832.html#HDRWQ435"
->Defining a Character Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->SALVAGE.fs file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DT
->salvage.lock file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DT
->SalvageLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Salvager
- </DT
-><DD
-><DL
-><DT
->see Salvager</DT
-><DT
->as part of fs process,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ26"
->The Salvager</A
->
- </DT
-><DT
->displaying log file,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DT
->instructions for invoking,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DT
->running before VLDB/volume header resynchronization,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-></DL
-></DD
-><DT
->salvaging
- </DT
-><DD
-><DL
-><DT
->volumes,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->saving
- </DT
-><DD
-><DL
-><DT
->previous version of server binaries,
- <A
-HREF="c3025.html#HDRWQ111"
->Installing New Binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->scheduling
- </DT
-><DD
-><DL
-><DT
->creation of backup volumes,
- <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->scout program,
- <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
->
- </DT
-><DD
-><DL
-><DT
->attention levels, setting,
- <A
-HREF="c18360.html#HDRWQ335"
->To start the scout program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->banner line,
- <A
-HREF="c18360.html#HDRWQ330"
->The Banner Line</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->basename,
- <A
-HREF="c18360.html#HDRWQ328"
->Using the -basename argument to Specify a Domain Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->command syntax,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->display layout,
- <A
-HREF="c18360.html#HDRWQ329"
->The Layout of the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->display, resizing,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examples (command and display),
- <A
-HREF="c18360.html#HDRWQ336"
->Example Commands and Displays</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->features summarized,
- <A
-HREF="c18360.html#HDRWQ326"
->Using the scout Program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->highlighting in,
- <A
-HREF="c18360.html#HDRWQ332"
->Highlighting Significant Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring disk usage,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->outages, monitoring,
- <A
-HREF="c18360.html#HDRWQ333"
->Highlighting Server Outages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->probe reporting line,
- <A
-HREF="c18360.html#Header_368"
->The Probe Reporting Line</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->requirements,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reverse video,
- <A
-HREF="c18360.html#HDRWQ332"
->Highlighting Significant Statistics</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting terminal type,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->starting,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->statistics displayed,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->stopping,
- <A
-HREF="c18360.html#Header_374"
->To stop the scout program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->script for AFS initialization,
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DT
->secondary site (Ubik),
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DT
->security
- </DT
-><DD
-><DL
-><DT
->AFS features,
- <A
-HREF="c667.html#HDRWQ72"
->Some Important Security Features</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->encrypted network communication,
- <A
-HREF="c667.html#HDRWQ72"
->Some Important Security Features</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->suggestions for improving,
- <A
-HREF="c667.html#HDRWQ74"
->Improving Security in Your Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->self-owned group,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DT
->server
- </DT
-><DD
-><DL
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->process
- </DT
-><DD
-><DL
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-><DT
->list of AFS,
- <A
-HREF="c130.html#HDRWQ17"
->AFS Server Processes and the Cache Manager</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->server encryption key,
- <A
-HREF="c667.html#HDRWQ76"
->Complex Mutual Authentication</A
->,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-><DT
->adding to KeyFile file,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Authentication Database,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing frequently,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->checksum displayed,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
->,
- <A
-HREF="c20494.html#HDRWQ358"
->About Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying from Authentication Database,
- <A
-HREF="c20494.html#HDRWQ360"
->To display the KeyFile file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying from KeyFile file,
- <A
-HREF="c20494.html#HDRWQ359"
->Displaying Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->emergency need to replace,
- <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->KeyFile file,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->password-like nature,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from KeyFile file,
- <A
-HREF="c20494.html#HDRWQ368"
->Removing Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->role in mutual authentication,
- <A
-HREF="c20494.html#Header_412"
->Keys and Mutual Authentication: A Review</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting in Authentication Database,
- <A
-HREF="c20494.html#HDRWQ362"
->Adding Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->server entry in VLDB,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DT
->server machine
- </DT
-><DD
-><DL
-><DT
->administering,
- <A
-HREF="c3025.html"
->Administering Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary distribution role,
- <A
-HREF="c3025.html#HDRWQ92"
->Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration files in /usr/afs/etc,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration issues,
- <A
-HREF="c667.html#Header_58"
->The Default Quota and ACL on a New Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->database server role,
- <A
-HREF="c3025.html#HDRWQ91"
->Simple File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->determining roles,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->first installed,
- <A
-HREF="c667.html#Header_58"
->The Default Quota and ACL on a New Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->monitoring,
- <A
-HREF="c667.html#Header_62"
->Configuring Partitions to Store AFS Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->need for consistent version of software,
- <A
-HREF="c3025.html#HDRWQ109"
->To restore an administrative database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->protecting directories on local disk,
- <A
-HREF="c667.html#HDRWQ52"
->Replicating the AFS Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rebooting,
- <A
-HREF="c3025.html#Header_160"
->To change a server machine's IP addresses</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->roles for
- </DT
-><DD
-><DL
-><DT
->summary,
- <A
-HREF="c667.html#Header_58"
->The Default Quota and ACL on a New Volume</A
->
- </DT
-></DL
-></DD
-><DT
->roles summarized,
- <A
-HREF="c3025.html#HDRWQ89"
->Volume Headers on Server Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting home cell,
- <A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->simple file server role,
- <A
-HREF="c3025.html#HDRWQ90"
->The Four Roles for File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system control role,
- <A
-HREF="c3025.html#HDRWQ93"
->Binary Distribution Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uninstalling command & process binaries,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->server preference ranks,
- <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->
- </DT
-><DT
->server process
- </DT
-><DD
-><DL
-><DT
->binaries
- </DT
-><DD
-><DL
-><DT
->see server process binaries</DT
-></DL
-></DD
-><DT
->bosserver,
- <A
-HREF="c6449.html#HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->buserver,
- <A
-HREF="c6449.html#HDRWQ147"
->The buserver Process: the Backup Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating and starting,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating ticket (tokens) for,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cron type, defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defining in BosConfig file,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->different names for,
- <A
-HREF="c6449.html#HDRWQ145"
->Brief Descriptions of the AFS Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying entry in BosConfig,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log files,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying status,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs type, defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kaserver,
- <A
-HREF="c6449.html#HDRWQ149"
->The kaserver Process: the Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ptserver,
- <A
-HREF="c6449.html#HDRWQ150"
->The ptserver Process: the Protection Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from BosConfig file,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting
- </DT
-><DD
-><DL
-><DT
->except BOS Server,
- <A
-HREF="c6449.html#Header_193"
->To stop and restart all processes including the BOS Server</A
->
- </DT
-></DL
-></DD
-><DT
->restarting by restarting BOS Server,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting for changed binaries,
- <A
-HREF="c3025.html#HDRWQ110"
->Installing Server Process Software</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting immediately after stopping,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting specific processes,
- <A
-HREF="c6449.html#Header_194"
->To stop and immediately restart all processes except the BOS Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runntp,
- <A
-HREF="c6449.html#HDRWQ151"
->The runntp Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->simple type, defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->starting,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->starting up,
- <A
-HREF="c6449.html#HDRWQ164"
->Stopping and Starting Processes Permanently</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->stopping permanently,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->,
- <A
-HREF="c6449.html#HDRWQ164"
->Stopping and Starting Processes Permanently</A
->,
- <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to NotRun</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->upclient,
- <A
-HREF="c6449.html#HDRWQ152"
->The upserver and upclient Processes: the Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->upserver,
- <A
-HREF="c6449.html#HDRWQ152"
->The upserver and upclient Processes: the Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of CellServDB file,
- <A
-HREF="c3025.html#Header_138"
->To display an AFS binary's build level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->vlserver,
- <A
-HREF="c6449.html#HDRWQ153"
->The vlserver Process: the Volume Location Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->server process binaries
- </DT
-><DD
-><DL
-><DT
->displaying time stamp,
- <A
-HREF="c3025.html#Header_132"
->To revert to the previous version of binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ83"
->Local Disk Files on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->installing,
- <A
-HREF="c3025.html#HDRWQ109"
->To restore an administrative database</A
->,
- <A
-HREF="c3025.html#HDRWQ110"
->Installing Server Process Software</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing obsolete,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reverting to old version,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uninstalling,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->server ticket,
- <A
-HREF="c20494.html#Header_412"
->Keys and Mutual Authentication: A Review</A
->
- </DT
-><DT
->server/client model,
- <A
-HREF="c130.html#HDRWQ10"
->Servers and Clients</A
->
- </DT
-><DT
->session key,
- <A
-HREF="c667.html#HDRWQ76"
->Complex Mutual Authentication</A
->,
- <A
-HREF="c20494.html#Header_412"
->Keys and Mutual Authentication: A Review</A
->
- </DT
-><DT
->setting
- </DT
-><DD
-><DL
-><DT
->ACL entries,
- <A
-HREF="c31274.html#HDRWQ573"
->Setting ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL for directory with uss,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL on home directory with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ADMIN flag in Authentication Database entry,
- <A
-HREF="c32432.html#HDRWQ590"
->To check if the ADMIN flag is set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID and AFS GID counters,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID counters,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS user id and max group id counters,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->BOS Server's automatic restart times,
- <A
-HREF="c6449.html#Header_197"
->To display the BOS Server restart times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Cache Manager preferences for file server machines,
- <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cell name,
- <A
-HREF="c667.html#HDRWQ34"
->Choosing a Cell Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client interfaces registered with File Server,
- <A
-HREF="c21473.html#HDRWQ415"
->Managing Multihomed Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client-to-file-server probe interval,
- <A
-HREF="c21473.html#HDRWQ410"
->Setting the File Server Probe Interval</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->counters for AFS UID and AFS GID,
- <A
-HREF="c29323.html#HDRWQ561"
->To display the AFS ID counters</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data cache size in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ397"
->To display the current cache size</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk cache location in cacheinfo file,
- <A
-HREF="c21473.html#HDRWQ395"
->Displaying and Setting the Cache Size and Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->event set (fstrace),
- <A
-HREF="c18360.html#Header_381"
->To configure the trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-creation quota in Protection Database entry,
- <A
-HREF="c29323.html#HDRWQ557"
->To change the name of a machine or group entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->home cell for client machine,
- <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->password
- </DT
-><DD
-><DL
-><DT
->in Authentication Database,
- <A
-HREF="c27596.html#Header_588"
->To prohibit reuse of passwords</A
->
- </DT
-></DL
-></DD
-><DT
->privacy flags on Protection Database entry,
- <A
-HREF="c29323.html#Header_622"
->To set group-creation quota</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server machine interfaces registered in VLDB,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->terminal type for scout,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ThisCell file (client), value in,
- <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume quota
- </DT
-><DD
-><DL
-><DT
->on multiple volumes,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DT
->on single volume,
- <A
-HREF="c8420.html#Header_250"
->To set quota for a single volume</A
->
- </DT
-></DL
-></DD
-><DT
->volume quota with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->setuid programs,
- <A
-HREF="c21473.html#HDRWQ409"
->Determining if a Client Can Run Setuid Programs</A
->
- </DT
-><DD
-><DL
-><DT
->restrictions on,
- <A
-HREF="c667.html#Header_41"
->Setuid Programs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting mode bits,
- <A
-HREF="c667.html#Header_37"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->share command,
- <A
-HREF="a33047.html#Header_679"
->To configure an NFS/AFS translator machine</A
->
- </DT
-><DT
->shared secret,
- <A
-HREF="c667.html#HDRWQ75"
->A More Detailed Look at Mutual Authentication</A
->
- </DT
-><DT
->shared use of group,
- <A
-HREF="c29323.html#HDRWQ544"
->Creating Groups</A
->
- </DT
-><DT
->shorthand notation
- </DT
-><DD
-><DL
-><DT
->ACL permissions,
- <A
-HREF="c31274.html#Header_636"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->simple file server machine,
- <A
-HREF="c3025.html#HDRWQ90"
->The Four Roles for File Server Machines</A
->
- </DT
-><DD
-><DL
-><DT
->identifying with bos status,
- <A
-HREF="c3025.html#HDRWQ97"
->To locate the binary distribution machine for a system type</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->simple process
- </DT
-><DD
-><DL
-><DT
->creating with bos create command,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->simple server process
- </DT
-><DD
-><DL
-><DT
->defining in BosConfig file,
- <A
-HREF="c6449.html#HDRWQ162"
->To create and start a new process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->simple-type server process
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->site
- </DT
-><DD
-><DL
-><DT
->count in VLDB,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume, defined,
- <A
-HREF="c8420.html#HDRWQ178"
->The Three Types of Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->site definition stage in replication,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DT
->slowed performance
- </DT
-><DD
-><DL
-><DT
->preventing in AFS,
- <A
-HREF="c130.html#HDRWQ16"
->Caching and Callbacks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->socket
- </DT
-><DD
-><DL
-><DT
->creating with package,
- <A
-HREF="c23832.html#HDRWQ435"
->Defining a Character Special Device</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->stages in volume replication,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-><DT
->starting
- </DT
-><DD
-><DL
-><DT
->database server process, about,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scout program,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process,
- <A
-HREF="c6449.html#HDRWQ161"
->Creating and Removing Processes</A
->,
- <A
-HREF="c6449.html#HDRWQ164"
->Stopping and Starting Processes Permanently</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->statistics display by scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DT
->status
- </DT
-><DD
-><DL
-><DT
->displaying for server process,
- <A
-HREF="c6449.html#HDRWQ159"
->To display the status of server processes and their BosConfig entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->status flag
- </DT
-><DD
-><DL
-><DT
->release, on site definitions in VLDB entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->status flag for process in BosConfig file
- </DT
-><DD
-><DL
-><DT
->Run and Not Run, meaning of,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->status flag in BosConfig file
- </DT
-><DD
-><DL
-><DT
->changing NotRun to Run,
- <A
-HREF="c6449.html#HDRWQ166"
->To start processes by changing their status flags to Run</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing Run to NotRun,
- <A
-HREF="c6449.html#HDRWQ165"
->To stop a process by changing its status to NotRun</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->status flags in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->stopping
- </DT
-><DD
-><DL
-><DT
->database server process, about,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server process
- </DT
-><DD
-><DL
-><DT
->permanently,
- <A
-HREF="c6449.html#Header_184"
->To stop a process and remove it from the BosConfig file</A
->,
- <A
-HREF="c6449.html#HDRWQ164"
->Stopping and Starting Processes Permanently</A
->
- </DT
-></DL
-></DD
-><DT
->server process and immediately restarting,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Store statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-><DT
->strings command,
- <A
-HREF="c3025.html#HDRWQ117"
->Displaying A Binary File's Build Level</A
->
- </DT
-><DT
->suitability of volumes for replication,
- <A
-HREF="c8420.html#HDRWQ193"
->Using Read-only Volumes Effectively</A
->
- </DT
-><DT
->symbolic link
- </DT
-><DD
-><DL
-><DT
->at second level of AFS pathname,
- <A
-HREF="c667.html#Header_51"
->The Top /afs Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with package,
- <A
-HREF="c23832.html#HDRWQ432"
->Defining a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->overwritten by uss if exists,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->symptoms
- </DT
-><DD
-><DL
-><DT
->of VLDB/volume header desynchronization,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume corruption,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->synchronization site (Ubik)
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flexibility,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->synchrony
- </DT
-><DD
-><DL
-><DT
->controlling for Cache Manager write operations,
- <A
-HREF="c21473.html#HDRWQ418"
->Enabling Asynchronous Writes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when AFS files saved on NFS clients,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->synchrony of VLDB and volume headers
- </DT
-><DD
-><DL
-><DT
->maintained by VL and Volume Servers,
- <A
-HREF="c8420.html#HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoring,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->symptoms of lack of,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->sys (@sys) variable in pathnames,
- <A
-HREF="c667.html#Header_66"
->Enabling Access to Foreign Cells</A
->
- </DT
-><DT
->sys command,
- <A
-HREF="c21473.html#HDRWQ417"
->Displaying and Setting the System Type Name</A
->
- </DT
-><DT
->sysid file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DT
->system control machine,
- <A
-HREF="c3025.html#HDRWQ93"
->Binary Distribution Machines</A
->
- </DT
-><DD
-><DL
-><DT
->as distributor of UserList file,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file, distributing to server machines,
- <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->identifying with bos status,
- <A
-HREF="c3025.html#HDRWQ95"
->To locate database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->source for common KeyFile file,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system groups
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using on ACLs,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system outages
- </DT
-><DD
-><DL
-><DT
->due to automatic server restart,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->due to server process restart,
- <A
-HREF="c6449.html#HDRWQ170"
->Stopping and Immediately Restarting Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->due to Ubik election,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reducing,
- <A
-HREF="c130.html#HDRWQ19"
->The Basic OverSeer Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system:administrators group,
- <A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
->
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c667.html#HDRWQ61"
->Using AFS Protection Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->members
- </DT
-><DD
-><DL
-><DT
->adding,
- <A
-HREF="c32432.html#Header_657"
->To add users to the system:administrators group</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DT
->removing,
- <A
-HREF="c32432.html#HDRWQ588"
->To remove users from the system:administrators group</A
->
- </DT
-></DL
-></DD
-><DT
->privileges resulting,
- <A
-HREF="c32432.html#HDRWQ586"
->Administering the system:administrators Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system:anyuser group,
- <A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
->
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c667.html#HDRWQ61"
->Using AFS Protection Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using on ACLs,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system:authuser group,
- <A
-HREF="c29323.html#HDRWQ534"
->About the Protection Database</A
->
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c667.html#HDRWQ61"
->Using AFS Protection Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using on ACLs,
- <A
-HREF="c31274.html#HDRWQ571"
->Using Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN42255"
->T</A
-></H2
-><DL
-><DT
->tape (Backup System)
- </DT
-><DD
-><DL
-><DT
->automating mounting and unmounting,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->eliminating check for proper name,
- <A
-HREF="c12776.html#HDRWQ279"
->Enabling Default Responses to Error Conditions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->scanning,
- <A
-HREF="c15383.html#HDRWQ304"
->To display a volume's dump history</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Tape Coordinator (Backup System)
- </DT
-><DD
-><DL
-><DT
->adding to Backup Database,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->assigning file ownership,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->automating tape mounting and unmounting,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuring
- </DT
-><DD
-><DL
-><DT
->AIX system,
- <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
->
- </DT
-><DT
->machine,
- <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
->
- </DT
-><DT
->tape device,
- <A
-HREF="c12776.html#HDRWQ261"
->Configuring Tape Coordinator Machines and Tape Devices</A
->
- </DT
-></DL
-></DD
-><DT
->described,
- <A
-HREF="c12776.html#HDRWQ255"
->Tape Coordinator Machines, Port Offsets, and Backup Data Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->device configuration file (CFG),
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->eliminating check for proper tape name,
- <A
-HREF="c12776.html#HDRWQ279"
->Enabling Default Responses to Error Conditions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->eliminating search/prompt for initial tape,
- <A
-HREF="c12776.html#Header_313"
->The Available Parameters and Required Exit Codes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->filemark
- </DT
-><DD
-><DL
-><DT
->described,
- <A
-HREF="c12776.html#HDRWQ254"
->Tape Labels, Dump Labels, and EOF Markers</A
->
- </DT
-><DT
->determining size,
- <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->
- </DT
-></DL
-></DD
-><DT
->port offset number
- </DT
-><DD
-><DL
-><DT
->assigning,
- <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->
- </DT
-><DT
->defined,
- <A
-HREF="c12776.html#HDRWQ255"
->Tape Coordinator Machines, Port Offsets, and Backup Data Files</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_288"
->To unconfigure a Tape Coordinator</A
->
- </DT
-></DL
-></DD
-><DT
->process
- </DT
-><DD
-><DL
-><DT
->starting,
- <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
->
- </DT
-></DL
-></DD
-><DT
->removing from Backup Database,
- <A
-HREF="c12776.html#Header_287"
->To configure an additional Tape Coordinator on an existing Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->starting,
- <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->status
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c15383.html#Header_331"
->To stop a Tape Coordinator process</A
->
- </DT
-></DL
-></DD
-><DT
->stopping,
- <A
-HREF="c15383.html#HDRWQ292"
->To start a Tape Coordinator process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->task ID numbers,
- <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using default responses to errors,
- <A
-HREF="c12776.html#HDRWQ278"
->Eliminating the Search or Prompt for the Initial Tape</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->tape labels
- </DT
-><DD
-><DL
-><DT
->useCounts of tapes,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->tape recycling schedules,
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DT
->tapeconfig file,
- <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->
- </DT
-><DD
-><DL
-><DT
->ownership, assigning,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->tapes (Backup System)
- </DT
-><DD
-><DL
-><DT
->archiving,
- <A
-HREF="c12776.html#HDRWQ269"
->Archiving Tapes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->capacity
- </DT
-><DD
-><DL
-><DT
->determining,
- <A
-HREF="c12776.html#HDRWQ258"
->Configuring the tapeconfig File</A
->
- </DT
-><DT
->recording on label,
- <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->
- </DT
-></DL
-></DD
-><DT
->eliminating search/prompt for initial,
- <A
-HREF="c12776.html#Header_313"
->The Available Parameters and Required Exit Codes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->label
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->
- </DT
-><DT
->described,
- <A
-HREF="c12776.html#HDRWQ254"
->Tape Labels, Dump Labels, and EOF Markers</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->
- </DT
-></DL
-></DD
-><DT
->names
- </DT
-><DD
-><DL
-><DT
->assigning,
- <A
-HREF="c12776.html#HDRWQ272"
->Writing and Reading Tape Labels</A
->
- </DT
-><DT
->described,
- <A
-HREF="c12776.html#Header_275"
->Dump Hierarchies, Dump Levels and Expiration Dates</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->task ID numbers (Backup System),
- <A
-HREF="c15383.html#HDRWQ291"
->Starting and Stopping the Tape Coordinator Process</A
->
- </DT
-><DT
->terminal type
- </DT
-><DD
-><DL
-><DT
->setting for afsmonitor,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting for scout program,
- <A
-HREF="c18360.html#HDRWQ327"
->System Requirements</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->TGS,
- <A
-HREF="c20494.html#Header_412"
->Keys and Mutual Authentication: A Review</A
->
- </DT
-><DT
->ThisCell file (client),
- <A
-HREF="c21473.html#HDRWQ392"
->Configuration Files in the /usr/vice/etc Directory</A
->
- </DT
-><DD
-><DL
-><DT
->how used by programs,
- <A
-HREF="c667.html#Header_43"
->How to Set the Cell Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting value in,
- <A
-HREF="c21473.html#HDRWQ411"
->Setting a Client Machine's Cell Membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ThisCell file (server),
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DT
->thresholds for statistics in scout display
- </DT
-><DD
-><DL
-><DT
->setting,
- <A
-HREF="c18360.html#HDRWQ335"
->To start the scout program</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Ticket Granting Service,
- <A
-HREF="c20494.html#Header_412"
->Keys and Mutual Authentication: A Review</A
->
- </DT
-><DT
->ticket-granter,
- <A
-HREF="c667.html#HDRWQ76"
->Complex Mutual Authentication</A
->
- </DT
-><DT
->tickets
- </DT
-><DD
-><DL
-><DT
->see tokens</DT
-></DL
-></DD
-><DT
->time stamp
- </DT
-><DD
-><DL
-><DT
->on binary file, listing,
- <A
-HREF="c3025.html#Header_132"
->To revert to the previous version of binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->tokens
- </DT
-><DD
-><DL
-><DT
->command,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating for server process,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->data in,
- <A
-HREF="c667.html#HDRWQ76"
->Complex Mutual Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->discarding with knfs command,
- <A
-HREF="a33047.html#Header_687"
->To display tokens using the knfs command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->discarding with unlog command,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying for user,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying with knfs command,
- <A
-HREF="a33047.html#Header_686"
->To authenticate using the knfs command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->one-per-cell rule,
- <A
-HREF="c667.html#HDRWQ63"
->Login and Authentication in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting default lifetimes for users,
- <A
-HREF="c667.html#Header_82"
->Setting Default Token Lifetimes for Users</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->tokens.krb command,
- <A
-HREF="c667.html#HDRWQ70"
->Support for Kerberos Authentication</A
->
- </DT
-><DT
->trace log (fstrace)
- </DT
-><DD
-><DL
-><DT
->clearing contents,
- <A
-HREF="c18360.html#Header_387"
->To dump the contents of a trace log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuring,
- <A
-HREF="c18360.html#HDRWQ344"
->Activating the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying state,
- <A
-HREF="c18360.html#Header_384"
->To display the state of an event set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dumping,
- <A
-HREF="c18360.html#HDRWQ347"
->Dumping and Clearing the Trace Log</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->persistence,
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->trace log from (fstrace)
- </DT
-><DD
-><DL
-><DT
->cmfx,
- <A
-HREF="c18360.html#HDRWQ342"
->About the fstrace Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->translating
- </DT
-><DD
-><DL
-><DT
->directory/file name to volume ID number,
- <A
-HREF="c8420.html#HDRWQ224"
->To display the name of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory/file name to volume location,
- <A
-HREF="c8420.html#HDRWQ225"
->To display the ID number of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory/file name to volume name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume ID number to name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume name to ID number,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume name/ID number to volume location,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->translator
- </DT
-><DD
-><DL
-><DT
->NFS/AFS,
- <A
-HREF="a33047.html"
->Managing the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->transparent access as AFS feature,
- <A
-HREF="c130.html#HDRWQ12"
->The Uniform Namespace and Transparent Access</A
->
- </DT
-><DT
->turning off authorization checking,
- <A
-HREF="c3025.html#HDRWQ125"
->Controlling Authorization Checking on a Server Machine</A
->
- </DT
-><DT
->turning on authorization checking,
- <A
-HREF="c3025.html#HDRWQ126"
->To disable authorization checking on a server machine</A
->
- </DT
-><DT
->type flag for volume
- </DT
-><DD
-><DL
-><DT
->VLDB entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN42462"
->U</A
-></H2
-><DL
-><DT
->Ubik
- </DT
-><DD
-><DL
-><DT
->automatic updates,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->consistency guarantees,
- <A
-HREF="c3025.html#HDRWQ104"
->How Ubik Operates Automatically</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->election of coordinator,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->failure due to mismatched server encryption keys,
- <A
-HREF="c20494.html#HDRWQ370"
->Handling Server Encryption Key Emergencies</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->features summarized,
- <A
-HREF="c3025.html#HDRWQ103"
->Configuring the Cell for Proper Ubik Operation</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->majority defined,
- <A
-HREF="c3025.html#HDRWQ105"
->How Ubik Uses Timestamped Messages</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->operation described,
- <A
-HREF="c3025.html#HDRWQ101"
->Administering Database Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->requirements summarized,
- <A
-HREF="c3025.html#HDRWQ102"
->Replicating the AFS Administrative Databases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server and client portions,
- <A
-HREF="c3025.html#HDRWQ103"
->Configuring the Cell for Proper Ubik Operation</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of CellServDB file,
- <A
-HREF="c3025.html#Header_138"
->To display an AFS binary's build level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use of NetInfo and NetRestrict files,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->udebug
- </DT
-><DD
-><DL
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->UFS
- </DT
-><DD
-><DL
-><DT
->file protection compared to AFS,
- <A
-HREF="c31274.html#HDRWQ566"
->Differences Between UFS and AFS Data Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mode bits, interpretation in AFS,
- <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->umount command,
- <A
-HREF="c3025.html#HDRWQ135"
->To unmount and remove a disk housing AFS volumes</A
->
- </DT
-><DT
->undefined ACL permissions,
- <A
-HREF="c31274.html#Header_635"
->The Eight Auxiliary Permissions</A
->
- </DT
-><DT
->uninstalling
- </DT
-><DD
-><DL
-><DT
->server process and command suite binaries,
- <A
-HREF="c3025.html#Header_130"
->To install new server binaries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->UNIX
- </DT
-><DD
-><DL
-><DT
->differences from AFS summarized,
- <A
-HREF="c667.html"
->Issues in Cell Configuration and Administration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mode bits, interpretation in AFS,
- <A
-HREF="c31274.html#HDRWQ580"
->How AFS Interprets the UNIX Mode Bits</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UID
- </DT
-><DD
-><DL
-><DT
->functional difference from AFS UID,
- <A
-HREF="c130.html#HDRWQ20"
->The Authentication Server</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->UNIX UID
- </DT
-><DD
-><DL
-><DT
->difference from AFS UID,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->matching with AFS UID,
- <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
->,
- <A
-HREF="c27596.html#HDRWQ494"
->The Components of an AFS User Account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->unlocking
- </DT
-><DD
-><DL
-><DT
->VLDB entry,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->unlog command,
- <A
-HREF="c667.html#HDRWQ69"
->Using Two-Step Login and Authentication</A
->
- </DT
-><DD
-><DL
-><DT
->when handling key emergency,
- <A
-HREF="c20494.html#HDRWQ373"
->Disabling Authorization Checking in an Emergency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->UNMOUNT instruction in CFG_device_name file,
- <A
-HREF="c12776.html#HDRWQ276"
->Creating a Device Configuration File</A
->
- </DT
-><DT
->unmounting
- </DT
-><DD
-><DL
-><DT
->file server machine disk,
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume,
- <A
-HREF="c8420.html#HDRWQ215"
->To remove a mount point</A
->,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->upclient
- </DT
-><DD
-><DL
-><DT
->see Update Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->update date
- </DT
-><DD
-><DL
-><DT
->recorded in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Update Server
- </DT
-><DD
-><DL
-><DT
->about starting and stopping,
- <A
-HREF="c6449.html#HDRWQ157"
->About Starting and Stopping the Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as upserver and upclient processes,
- <A
-HREF="c6449.html#HDRWQ152"
->The upserver and upclient Processes: the Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binaries in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->CellServDB file (server), distributing,
- <A
-HREF="c3025.html#HDRWQ118"
->Maintaining the Server CellServDB File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client portion,
- <A
-HREF="c130.html#HDRWQ24"
->The Update Server</A
->
- </DT
-><DD
-><DL
-><DT
->for binaries,
- <A
-HREF="c3025.html#HDRWQ92"
->Database Server Machines</A
->
- </DT
-><DT
->for configuration files,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ24"
->The Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->distributing server configuration files,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->distributor of KeyFile file,
- <A
-HREF="c20494.html#Header_413"
->Maintaining AFS Server Encryption Keys</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server portion,
- <A
-HREF="c130.html#HDRWQ24"
->The Update Server</A
->
- </DT
-><DD
-><DL
-><DT
->on binary distribution machine,
- <A
-HREF="c3025.html#HDRWQ92"
->Database Server Machines</A
->
- </DT
-><DT
->on system control machine,
- <A
-HREF="c3025.html#HDRWQ94"
->The System Control Machine</A
->
- </DT
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ152"
->The upserver and upclient Processes: the Update Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->updating
- </DT
-><DD
-><DL
-><DT
->CellServDB file (client) with or without package,
- <A
-HREF="c21473.html#Header_455"
->To display the list of database server machines in kernel memory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->upserver
- </DT
-><DD
-><DL
-><DT
->see Update Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->useCount counter on tape label (Backup System),
- <A
-HREF="c12776.html#HDRWQ268"
->Creating a Tape Recycling Schedule</A
->
- </DT
-><DT
->user
- </DT
-><DD
-><DL
-><DT
->account
- </DT
-><DD
-><DL
-><DT
->see user account</DT
-><DT
->see user account</DT
-></DL
-></DD
-><DT
->adding to group,
- <A
-HREF="c29323.html#HDRWQ549"
->Adding and Removing Group Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS UID, assigning,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group memberships
- </DT
-><DD
-><DL
-><DT
->displaying number,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-></DL
-></DD
-><DT
->group memberships, displaying,
- <A
-HREF="c29323.html#HDRWQ537"
->To display a Protection Database entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-creation quota
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#HDRWQ557"
->To change the name of a machine or group entry</A
->
- </DT
-></DL
-></DD
-><DT
->groups owned, displaying,
- <A
-HREF="c29323.html#HDRWQ538"
->To display group membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->name
- </DT
-><DD
-><DL
-><DT
->see username</DT
-></DL
-></DD
-><DT
->privacy flags on Protection Database entry
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->setting,
- <A
-HREF="c29323.html#Header_622"
->To set group-creation quota</A
->
- </DT
-></DL
-></DD
-><DT
->Protection Database entry
- </DT
-><DD
-><DL
-><DT
->deleting,
- <A
-HREF="c29323.html#HDRWQ552"
->Deleting Protection Database Entries</A
->
- </DT
-><DT
->displaying,
- <A
-HREF="c29323.html#HDRWQ536"
->Displaying Information from the Protection Database</A
->
- </DT
-><DT
->displaying all,
- <A
-HREF="c29323.html#HDRWQ540"
->To list the groups that a user or group owns</A
->
- </DT
-></DL
-></DD
-><DT
->Protection Database entry, described,
- <A
-HREF="c29323.html#HDRWQ532"
->Summary of Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from group,
- <A
-HREF="c29323.html#HDRWQ550"
->To add users and machines to groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->user account
- </DT
-><DD
-><DL
-><DT
->components,
- <A
-HREF="c24913.html#HDRWQ452"
->Overview of the uss Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->configuration issues,
- <A
-HREF="c667.html#Header_68"
->Setting Server Preferences</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->converting existing UNIX to AFS
- </DT
-><DD
-><DL
-><DT
->with manual account creation,
- <A
-HREF="c27596.html#HDRWQ497"
->Specifying Passwords in the Local Password File</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password File</A
->
- </DT
-></DL
-></DD
-><DT
->creating
- </DT
-><DD
-><DL
-><DT
->standard files in,
- <A
-HREF="c667.html#Header_72"
->Making a Backup Version of User Volumes Available</A
->
- </DT
-><DT
->with individual commands,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->creating different types with uss,
- <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating/deleting many at once,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creation using uss
- </DT
-><DD
-><DL
-><DT
->previewing,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-></DL
-></DD
-><DT
->deleting with uss,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deletion using uss
- </DT
-><DD
-><DL
-><DT
->previewing,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-></DL
-></DD
-><DT
->matching AFS and UNIX UIDs,
- <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->methods for grouping,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from system,
- <A
-HREF="c27596.html#HDRWQ524"
->Removing a User Account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->suggestions for grouping home directories,
- <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->two methods for creating and deleting,
- <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->uss commands to create/delete
- </DT
-><DD
-><DL
-><DT
->previewing,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->UserList file,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-><DT
->adding users,
- <A
-HREF="c32432.html#HDRWQ594"
->To add users to the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privileges resulting,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing users,
- <A
-HREF="c32432.html#Header_665"
->To remove users from the UserList file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->username
- </DT
-><DD
-><DL
-><DT
->assigning
- </DT
-><DD
-><DL
-><DT
->with pts createuser command,
- <A
-HREF="c27596.html#HDRWQ502"
->Creating AFS User Accounts</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->changing,
- <A
-HREF="c27596.html#HDRWQ517"
->Displaying and Setting the Quota on User Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->choosing,
- <A
-HREF="c667.html#HDRWQ57"
->Configuring AFS User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->part of volume name,
- <A
-HREF="c667.html#HDRWQ58"
->Choosing Usernames and Naming Other Account Components</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use by Kerberos,
- <A
-HREF="c130.html#HDRWQ20"
->The Authentication Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/backup directory
- </DT
-><DD
-><DL
-><DT
->ownership, assigning,
- <A
-HREF="c12776.html#HDRWQ262"
->To configure a Tape Coordinator machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/bin directory
- </DT
-><DD
-><DL
-><DT
->removing obsolete .BAK and .OLD files,
- <A
-HREF="c3025.html#Header_134"
->To display binary version dates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/bin directory on server machines
- </DT
-><DD
-><DL
-><DT
->contents listed,
- <A
-HREF="c3025.html#HDRWQ83"
->Local Disk Files on a Server Machine</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/bin/bosserver,
- <A
-HREF="c6449.html#HDRWQ146"
->The bosserver Process: the Basic OverSeer Server</A
->
- </DT
-><DT
->usr/afs/db directory on server machines
- </DT
-><DD
-><DL
-><DT
->contents listed,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/etc directory on server machines
- </DT
-><DD
-><DL
-><DT
->contents listed,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/local directory on server machines
- </DT
-><DD
-><DL
-><DT
->contents listed,
- <A
-HREF="c3025.html#HDRWQ85"
->Common Configuration Files in the /usr/afs/etc Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/afs/logs directory on server machines
- </DT
-><DD
-><DL
-><DT
->contents listed,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->usr/vice/cache directory,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DT
->usr/vice/etc directory,
- <A
-HREF="c21473.html#HDRWQ391"
->Configuration and Cache-Related Files on the Local Disk</A
->
- </DT
-><DT
->uss
- </DT
-><DD
-><DL
-><DT
->account
- </DT
-><DD
-><DL
-><DT
->recovering from account creation failure,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-></DL
-></DD
-><DT
->AFS UID, assigning,
- <A
-HREF="c24913.html#HDRWQ455"
->Creating Local Password File Entries with uss</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->command
- </DT
-><DD
-><DL
-><DT
->reissuing, effect of,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-></DL
-></DD
-><DT
->hard link, creating,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->previewing effect of command,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->symbolic link, creating,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->uss bulk input file
- </DT
-><DD
-><DL
-><DT
->rules for constructing,
- <A
-HREF="c24913.html#HDRWQ488"
->Creating and Deleting Multiple Accounts with the uss bulk Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->uss commands
- </DT
-><DD
-><DL
-><DT
->ACL, setting for directory,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL, setting on home directory,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->add,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-><DT
->avoiding interruption,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-></DL
-></DD
-><DT
->advantages over individual account-creation commands,
- <A
-HREF="c24913.html#HDRWQ462"
->Moving Local Files into AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->bulk,
- <A
-HREF="c24913.html#Header_571"
->To create and delete multiple AFS user accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->command, executing with X instruction,
- <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->converting existing UNIX accounts,
- <A
-HREF="c24913.html#HDRWQ458"
->Creating a Common Source Password File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating individual user account,
- <A
-HREF="c24913.html#HDRWQ479"
->Executing Commands with the X Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating/deleting user accounts in bulk,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->delete,
- <A
-HREF="c24913.html#HDRWQ487"
->To delete an AFS account</A
->
- </DT
-><DD
-><DL
-><DT
->avoiding interruption,
- <A
-HREF="c24913.html#HDRWQ453"
->Privilege Requirements for the uss Commands</A
->
- </DT
-></DL
-></DD
-><DT
->deleting individual user account,
- <A
-HREF="c24913.html#HDRWQ483"
->To create an AFS account with the uss add command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DT
->distributing evenly with G instruction,
- <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->
- </DT
-></DL
-></DD
-><DT
->file, creating by echoing one line,
- <A
-HREF="c24913.html#HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file, creating from prototype,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->local password file
- </DT
-><DD
-><DL
-><DT
->creating common source version,
- <A
-HREF="c24913.html#HDRWQ457"
->Specifying Passwords in the Local Password File</A
->
- </DT
-></DL
-></DD
-><DT
->overwriting existing account components,
- <A
-HREF="c24913.html#HDRWQ454"
->Avoiding and Recovering from Errors and Interrupted Operations</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->password/authentication security, setting with A instruction,
- <A
-HREF="c24913.html#HDRWQ477"
->Creating Links with the L and S Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege required,
- <A
-HREF="c24913.html#Header_538"
->The Components of an AFS User Account</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume
- </DT
-><DD
-><DL
-><DT
->creating with V instruction,
- <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->
- </DT
-><DT
->mounting,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DT
->setting quota,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->uss template file
- </DT
-><DD
-><DL
-><DT
->A instruction,
- <A
-HREF="c24913.html#HDRWQ477"
->Creating Links with the L and S Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL, setting
- </DT
-><DD
-><DL
-><DT
->directory created by D instruction,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DT
->user home directory with V instruction,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->advantages,
- <A
-HREF="c24913.html#HDRWQ462"
->Moving Local Files into AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->command, executing with X instruction,
- <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->constants,
- <A
-HREF="c24913.html#HDRWQ464"
->Creating the Three Types of User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->D instruction,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory
- </DT
-><DD
-><DL
-><DT
->creating with D instruction,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DT
->G instruction for even distribution,
- <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->
- </DT
-></DL
-></DD
-><DT
->E instruction,
- <A
-HREF="c24913.html#HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examples,
- <A
-HREF="c24913.html#HDRWQ470"
->About Creating Local Disk Directories and Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->F instruction,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file
- </DT
-><DD
-><DL
-><DT
->creating by echoing one line,
- <A
-HREF="c24913.html#HDRWQ475"
->Creating a File from a Prototype with the F Instruction</A
->
- </DT
-><DT
->creating from prototype,
- <A
-HREF="c24913.html#HDRWQ474"
->Creating a Directory with the D Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->G instruction,
- <A
-HREF="c24913.html#HDRWQ471"
->Example uss Templates</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->hard link, creating,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->instructions for different account types,
- <A
-HREF="c24913.html#HDRWQ463"
->Constructing a uss Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->instructions summarized,
- <A
-HREF="c24913.html#HDRWQ462"
->Moving Local Files into AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->L instruction,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mount point, creating with V instruction,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->number variables,
- <A
-HREF="c24913.html#HDRWQ465"
->Using Constants and Variables in the Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->password/authentication security, setting with A instruction,
- <A
-HREF="c24913.html#HDRWQ477"
->Creating Links with the L and S Instructions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->quota on volume, setting with V instruction,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rules for constructing,
- <A
-HREF="c24913.html#HDRWQ468"
->Where to Place Template Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->S instruction,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->standard locations,
- <A
-HREF="c24913.html#HDRWQ465"
->Using Constants and Variables in the Template File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->symbolic link, creating,
- <A
-HREF="c24913.html#HDRWQ476"
->Creating One-Line Files with the E Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->V instruction,
- <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->variables,
- <A
-HREF="c24913.html#HDRWQ464"
->Creating the Three Types of User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume
- </DT
-><DD
-><DL
-><DT
->creating with V instruction,
- <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->
- </DT
-></DL
-></DD
-><DT
->X instruction,
- <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->zero-length,
- <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN42883"
->V</A
-></H2
-><DL
-><DT
->V.vol_ID.vol file,
- <A
-HREF="c3025.html#HDRWQ89"
->Volume Headers on Server Partitions</A
->
- </DT
-><DT
->variable
- </DT
-><DD
-><DL
-><DT
->AFSCELL,
- <A
-HREF="c15383.html#HDRWQ287"
->Performing Backup Operations as the Local Superuser Root or in a Foreign Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->variables
- </DT
-><DD
-><DL
-><DT
->@sys in pathnames,
- <A
-HREF="c667.html#Header_66"
->Enabling Access to Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->in uss template file,
- <A
-HREF="c24913.html#HDRWQ464"
->Creating the Three Types of User Accounts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->variations possible
- </DT
-><DD
-><DL
-><DT
->in replication,
- <A
-HREF="c8420.html#Header_216"
->Replication Scenarios</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->vicep directory on server machines
- </DT
-><DD
-><DL
-><DT
->contents listed,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->VL Server
- </DT
-><DD
-><DL
-><DT
->about starting and stopping,
- <A
-HREF="c6449.html#HDRWQ156"
->About Starting and Stopping the Database Server Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as vlserver process,
- <A
-HREF="c6449.html#HDRWQ153"
->The vlserver Process: the Volume Location Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Cache Manager preference ranks for,
- <A
-HREF="c21473.html#HDRWQ414"
->Maintaining Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ23"
->The Volume Location (VL) Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->importance to transparent access,
- <A
-HREF="c130.html#HDRWQ23"
->The Volume Location (VL) Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after adding entry to server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ120"
->To display a cell's database server machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restarting after removing entry from server CellServDB file,
- <A
-HREF="c3025.html#HDRWQ121"
->To add a database server machine to the CellServDB file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->role in VLDB/volume header synchronization,
- <A
-HREF="c8420.html#HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->runs on database server machine,
- <A
-HREF="c3025.html#HDRWQ91"
->Simple File Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ153"
->The vlserver Process: the Volume Location Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->VLDB,
- <A
-HREF="c130.html#HDRWQ23"
->The Volume Location (VL) Server</A
->
- </DT
-><DD
-><DL
-><DT
->defining read-only site in,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying entry
- </DT
-><DD
-><DL
-><DT
->with volume header,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-></DL
-></DD
-><DT
->displaying volume entry,
- <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->intention flag set by VL Server,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->locking/unlocking entry,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->release status flags in volume entry,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server machine interfaces registered
- </DT
-><DD
-><DL
-><DT
->listed in sysid file,
- <A
-HREF="c3025.html#HDRWQ86"
->Local Configuration Files in the /usr/afs/local Directory</A
->
- </DT
-></DL
-></DD
-><DT
->site count for volume,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->synchronizing with volume headers,
- <A
-HREF="c8420.html#HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
->,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume entry,
- <A
-HREF="c8420.html#HDRWQ180"
->Volume Information in the VLDB</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume type flags,
- <A
-HREF="c8420.html#HDRWQ218"
->To display VLDB entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->vldb.DB0 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->vldb.DBSYS1 file,
- <A
-HREF="c3025.html#HDRWQ87"
->Replicated Database Files in the /usr/afs/db Directory</A
->
- </DT
-><DT
->VLLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->vlserver
- </DT
-><DD
-><DL
-><DT
->see VL Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->Vn file (data cache),
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DT
->vnode index,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DT
->VolserLog file,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volserver
- </DT
-><DD
-><DL
-><DT
->see Volume Server</DT
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-></DL
-></DD
-><DT
->volume
- </DT
-><DD
-><DL
-><DT
->as unit of
- </DT
-><DD
-><DL
-><DT
->backup,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-><DT
->replication,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-><DT
->resource management,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-></DL
-></DD
-><DT
->as unit of backup,
- <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS Efficiency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->as unit of replication,
- <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS Efficiency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->automating creation of backup version,
- <A
-HREF="c8420.html#HDRWQ202"
->Backing Up Multiple Volumes at Once</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backing up using Backup System,
- <A
-HREF="c15383.html#HDRWQ296"
->Backing Up Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup
- </DT
-><DD
-><DL
-><DT
->see backup volume</DT
-></DL
-></DD
-><DT
->Backup System dump history, displaying,
- <A
-HREF="c15383.html#HDRWQ303"
->To display dump records</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->benefits for efficiency,
- <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS Efficiency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->correspondence with directory,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->counter in header for number of accesses,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating backup version of many at once,
- <A
-HREF="c8420.html#HDRWQ201"
->Creating Backup Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating with uss,
- <A
-HREF="c24913.html#HDRWQ472"
->Evenly Distributing User Home Directories with the G Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Creation date in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c8420.html#HDRWQ177"
->About Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->definition,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying information about,
- <A
-HREF="c8420.html#HDRWQ216"
->Displaying Information About Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dumping without AFS Backup System,
- <A
-HREF="c8420.html#HDRWQ240"
->Dumping and Restoring Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->entry in VLDB,
- <A
-HREF="c8420.html#HDRWQ180"
->Volume Information in the VLDB</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->flushing from data cache on client machine,
- <A
-HREF="c21473.html#HDRWQ412"
->Forcing the Update of Cached Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->grouping related on same partition,
- <A
-HREF="c667.html#Header_55"
->Assigning Volume Names</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->header
- </DT
-><DD
-><DL
-><DT
->see volume header</DT
-></DL
-></DD
-><DT
->in load balancing,
- <A
-HREF="c130.html#HDRWQ13"
->Volumes</A
->,
- <A
-HREF="c8420.html#HDRWQ179"
->How Volumes Improve AFS Efficiency</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->Last Update date in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->location
- </DT
-><DD
-><DL
-><DT
->see volume location</DT
-></DL
-></DD
-><DT
->mounting,
- <A
-HREF="c130.html#HDRWQ14"
->Mount Points</A
->
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-><DT
->more than once,
- <A
-HREF="c8420.html#HDRWQ183"
->About Mounting Volumes</A
->
- </DT
-></DL
-></DD
-><DT
->moving,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->name
- </DT
-><DD
-><DL
-><DT
->see volume name</DT
-></DL
-></DD
-><DT
->overwriting contents during Backup System restore,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->preserving contents during Backup System restore,
- <A
-HREF="c15383.html#HDRWQ308"
->Using the backup volrestore Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->quota
- </DT
-><DD
-><DL
-><DT
->see volume quota</DT
-></DL
-></DD
-><DT
->read-only
- </DT
-><DD
-><DL
-><DT
->see read-only volume</DT
-></DL
-></DD
-><DT
->read/write
- </DT
-><DD
-><DL
-><DT
->see read/write volume</DT
-></DL
-></DD
-><DT
->removing
- </DT
-><DD
-><DL
-><DT
->alternate commands,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ235"
->Removing Volumes and their Mount Points</A
->
- </DT
-><DT
->when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-></DL
-></DD
-><DT
->renaming,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->replicating,
- <A
-HREF="c8420.html#HDRWQ190"
->About Clones and Cloning</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->restoring
- </DT
-><DD
-><DL
-><DT
->using Backup System,
- <A
-HREF="c15383.html#HDRWQ306"
->Restoring and Recovering Data</A
->
- </DT
-><DT
->with vos restore command,
- <A
-HREF="c8420.html#Header_261"
->About Restoring Volumes</A
->
- </DT
-></DL
-></DD
-><DT
->root (root.afs and root.cell),
- <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->root directory of,
- <A
-HREF="c130.html#HDRWQ14"
->Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->salvaging,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->separate for each top level directory,
- <A
-HREF="c667.html#HDRWQ43"
->The Third Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->site, defined,
- <A
-HREF="c8420.html#HDRWQ178"
->The Three Types of Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->size, displaying,
- <A
-HREF="c8420.html#Header_252"
->To display percent quota used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->symptoms of corruption,
- <A
-HREF="c8420.html#HDRWQ232"
->Salvaging Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->synchronizing VLDB and volume header,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->type to replicate,
- <A
-HREF="c667.html#HDRWQ49"
->Grouping Related Volumes on a Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->where to place replicated,
- <A
-HREF="c667.html#HDRWQ49"
->Grouping Related Volumes on a Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volume entry (Backup System)
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c12776.html#Header_291"
->To create a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c12776.html#HDRWQ252"
->Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deleting,
- <A
-HREF="c12776.html#Header_294"
->To delete a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_292"
->To add a volume entry to a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volume entry (VLDB)
- </DT
-><DD
-><DL
-><DT
->displaying,
- <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volume header
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c8420.html#HDRWQ181"
->The Information in Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->only,
- <A
-HREF="c8420.html#HDRWQ219"
->Displaying Volume Headers</A
->
- </DT
-><DT
->with VLDB entry,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-></DL
-></DD
-><DT
->in /vicep directories,
- <A
-HREF="c3025.html#HDRWQ88"
->Log Files in the /usr/afs/logs Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->synchronizing with VLDB,
- <A
-HREF="c8420.html#HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
->,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volume ID number
- </DT
-><DD
-><DL
-><DT
->learning
- </DT
-><DD
-><DL
-><DT
->from volume name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->learning from directory/file name,
- <A
-HREF="c8420.html#HDRWQ224"
->To display the name of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->translating
- </DT
-><DD
-><DL
-><DT
->to volume location,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DT
->to volume name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->volume location
- </DT
-><DD
-><DL
-><DT
->learning from directory/file name,
- <A
-HREF="c8420.html#HDRWQ225"
->To display the ID number of the volume that contains a file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->learning from volume name/ID number,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Volume Location Server
- </DT
-><DD
-><DL
-><DT
->see VL Server</DT
-></DL
-></DD
-><DT
->volume name
- </DT
-><DD
-><DL
-><DT
->changing
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DT
->when renaming user,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->conventions,
- <A
-HREF="c8420.html#HDRWQ184"
->About Volume Names</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->conventions for,
- <A
-HREF="c667.html#HDRWQ43"
->The Third Level</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->learning
- </DT
-><DD
-><DL
-><DT
->from directory/file name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DT
->from volume ID number,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->restrictions,
- <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->translating
- </DT
-><DD
-><DL
-><DT
->to volume ID number,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DT
->to volume location,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->two required,
- <A
-HREF="c667.html#HDRWQ44"
->Creating Volumes to Simplify Administration</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volume quota
- </DT
-><DD
-><DL
-><DT
->default for new volume,
- <A
-HREF="c8420.html#HDRWQ185"
->Creating Read/write Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->percent used,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DT
->with volume &partition info,
- <A
-HREF="c8420.html#Header_253"
->To display quota, current size, and other information</A
->
- </DT
-><DT
->with volume size,
- <A
-HREF="c8420.html#Header_252"
->To display percent quota used</A
->
- </DT
-></DL
-></DD
-><DT
->recorded in volume header,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting
- </DT
-><DD
-><DL
-><DT
->on multiple volumes,
- <A
-HREF="c8420.html#Header_251"
->To set maximum quota on one or more volumes</A
->
- </DT
-><DT
->on single volume,
- <A
-HREF="c8420.html#Header_250"
->To set quota for a single volume</A
->
- </DT
-><DT
->with uss,
- <A
-HREF="c24913.html#HDRWQ473"
->Creating a Volume with the V Instruction</A
->
- </DT
-></DL
-></DD
-></DL
-></DD
-><DT
->Volume Server
- </DT
-><DD
-><DL
-><DT
->as part of fs process,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->,
- <A
-HREF="c6449.html#Header_176"
->The Information in the BosConfig File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->description,
- <A
-HREF="c130.html#HDRWQ22"
->The Volume Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying log file,
- <A
-HREF="c6449.html#HDRWQ173"
->Displaying Server Process Log Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->role in VLDB/volume header synchronization,
- <A
-HREF="c8420.html#HDRWQ182"
->Keeping the VLDB and Volume Headers Synchronized</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->when to contact,
- <A
-HREF="c6449.html#HDRWQ148"
->The fs Collection of Processes: the File Server, Volume Server and Salvager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volume set (Backup System)
- </DT
-><DD
-><DL
-><DT
->creating,
- <A
-HREF="c12776.html#HDRWQ265"
->Defining and Displaying Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c12776.html#HDRWQ252"
->Volume Sets and Volume Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deleting,
- <A
-HREF="c12776.html#HDRWQ266"
->To display volume sets and volume entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deleting volume entry,
- <A
-HREF="c12776.html#Header_294"
->To delete a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c12776.html#Header_292"
->To add a volume entry to a volume set</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume entry
- </DT
-><DD
-><DL
-><DT
->see volume entry</DT
-></DL
-></DD
-></DL
-></DD
-><DT
->VolumeItems file,
- <A
-HREF="c21473.html#HDRWQ393"
->Cache-Related Files</A
->
- </DT
-><DT
->vos commands
- </DT
-><DD
-><DL
-><DT
->addsite,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backup,
- <A
-HREF="c8420.html#HDRWQ205"
->To create and mount a backup volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->backupsys,
- <A
-HREF="c8420.html#HDRWQ205"
->To create and mount a backup volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->binary in /usr/afs/bin,
- <A
-HREF="c3025.html#HDRWQ84"
->Binaries in the /usr/afs/bin Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changeaddr,
- <A
-HREF="c3025.html#Header_158"
->To display all server entries from the VLDB</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->create
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DT
->when creating user account,
- <A
-HREF="c27596.html#HDRWQ503"
->To create one user account with individual commands</A
->
- </DT
-></DL
-></DD
-><DT
->delentry,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dump,
- <A
-HREF="c8420.html#Header_259"
->About Dumping Volumes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examine
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ221"
->Displaying One Volume's VLDB Entry and Volume Header</A
->
- </DT
-><DT
->to learn volume ID,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-><DT
->to learn volume name,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->granting privilege for,
- <A
-HREF="c32432.html#HDRWQ592"
->Administering the UserList File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listaddrs,
- <A
-HREF="c3025.html#Header_157"
->To create or edit the server NetRestrict file</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listpart,
- <A
-HREF="c3025.html#HDRWQ130"
->Adding or Removing Disks and Partitions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listvldb
- </DT
-><DD
-><DL
-><DT
->syntax,
- <A
-HREF="c8420.html#HDRWQ217"
->Displaying VLDB Entries</A
->
- </DT
-><DT
->to learn volume location,
- <A
-HREF="c8420.html#HDRWQ223"
->Displaying the Name or Location of the Volume that Contains a File</A
->
- </DT
-></DL
-></DD
-><DT
->listvol
- </DT
-><DD
-><DL
-><DT
->output with -extended flag,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->output with -fast flag,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->output with -long flag,
- <A
-HREF="c8420.html#HDRWQ220"
->To display volume headers</A
->
- </DT
-><DT
->syntax,
- <A
-HREF="c8420.html#HDRWQ219"
->Displaying Volume Headers</A
->
- </DT
-></DL
-></DD
-><DT
->lock,
- <A
-HREF="c8420.html#HDRWQ247"
->Unlocking and Locking VLDB Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->move
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ226"
->Moving Volumes</A
->
- </DT
-><DT
->when removing file server machine disk,
- <A
-HREF="c3025.html#HDRWQ131"
->To add and mount a new disk to house AFS volumes</A
->
- </DT
-></DL
-></DD
-><DT
->mutual authentication, bypassing,
- <A
-HREF="c3025.html#HDRWQ128"
->Bypassing Mutual Authentication for an Individual Command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->partinfo,
- <A
-HREF="c8420.html#Header_212"
->To create (and mount) a read/write volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->release
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ194"
->To replicate a read/write volume (create a read-only volume)</A
->
- </DT
-><DT
->forcing new cloning with -f flag,
- <A
-HREF="c8420.html#HDRWQ192"
->Replicating Volumes (Creating Read-only Volumes)</A
->
- </DT
-></DL
-></DD
-><DT
->remove
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ236"
->To remove a volume and unmount it</A
->
- </DT
-><DT
->when removing user account,
- <A
-HREF="c27596.html#Header_595"
->To remove a user account</A
->
- </DT
-></DL
-></DD
-><DT
->remsite,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rename
- </DT
-><DD
-><DL
-><DT
->basic instructions,
- <A
-HREF="c8420.html#HDRWQ245"
->Renaming Volumes</A
->
- </DT
-><DT
->when changing username,
- <A
-HREF="c27596.html#Header_593"
->To change a username</A
->
- </DT
-></DL
-></DD
-><DT
->restore
- </DT
-><DD
-><DL
-><DT
->to create new volume,
- <A
-HREF="c8420.html#Header_261"
->About Restoring Volumes</A
->
- </DT
-><DT
->to overwrite volume,
- <A
-HREF="c8420.html#HDRWQ242"
->To restore a dump into a new volume and mount it</A
->
- </DT
-></DL
-></DD
-><DT
->summary of functions,
- <A
-HREF="c6449.html#HDRWQ153"
->The vlserver Process: the Volume Location Server</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->syncserv
- </DT
-><DD
-><DL
-><DT
->effect,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DT
->syntax,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-></DL
-></DD
-><DT
->syncvldb
- </DT
-><DD
-><DL
-><DT
->effect,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-><DT
->syntax,
- <A
-HREF="c8420.html#HDRWQ227"
->Synchronizing the VLDB and Volume Headers</A
->
- </DT
-></DL
-></DD
-><DT
->unlock,
- <A
-HREF="c8420.html#Header_267"
->To lock a VLDB entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->unlockvldb,
- <A
-HREF="c8420.html#Header_268"
->To unlock a single VLDB entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->zap,
- <A
-HREF="c8420.html#Header_256"
->Other Removal Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN43327"
->W</A
-></H2
-><DL
-><DT
->w ACL permission,
- <A
-HREF="c31274.html#HDRWQ569"
->The Three File Permissions</A
->
- </DT
-><DT
->weekly restart of BOS Server (automatic)
- </DT
-><DD
-><DL
-><DT
->about,
- <A
-HREF="c667.html#Header_62"
->Configuring Partitions to Store AFS Data</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying and setting time,
- <A
-HREF="c6449.html#HDRWQ171"
->Setting the BOS Server's Restart Times</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->which command,
- <A
-HREF="c3025.html#HDRWQ117"
->Displaying A Binary File's Build Level</A
->
- </DT
-><DT
->window
- </DT
-><DD
-><DL
-><DT
->resizing scout display,
- <A
-HREF="c18360.html#HDRWQ334"
->Resizing the scout Display</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->write
- </DT
-><DD
-><DL
-><DT
->ACL permission
- </DT
-><DD
-><DL
-><DT
->see write ACL permission</DT
-></DL
-></DD
-><DT
->operations delayed from NFS clients,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shorthand for ACL permissions,
- <A
-HREF="c31274.html#Header_636"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system call for files saved on AFS client,
- <A
-HREF="c667.html#HDRWQ32"
->Creating Hard Links</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->system call for files saved on NFS client,
- <A
-HREF="a33047.html#HDRWQ602"
->Delayed Writes for Files Saved on NFS Client Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Ws statistic from scout program,
- <A
-HREF="c18360.html#HDRWQ331"
->The Statistics Display Region</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN43360"
->X</A
-></H2
-><DL
-><DT
->X instruction
- </DT
-><DD
-><DL
-><DT
->uss template file,
- <A
-HREF="c24913.html#HDRWQ478"
->Increasing Account Security with the A Instruction</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->xstat as requirement for running afsmonitor,
- <A
-HREF="c18360.html#HDRWQ350"
->Requirements for running the afsmonitor program</A
->
- </DT
-><DT
->xstat data collection facility,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-><DT
->data collections,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->example commands,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->libxstat_cm.a library,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->libxstat_fs.a library,
- <A
-HREF="c18360.html#HDRWQ353"
->The xstat Data Collection Facility</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->obtaining more information,
- <A
-HREF="c18360.html#Header_401"
->The libxstat Libraries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_cm_test example command,
- <A
-HREF="c18360.html#Header_403"
->To use the example xstat_fs_test command</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->xstat_fs_test example command,
- <A
-HREF="c18360.html#Header_402"
->Example xstat Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="a35965.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-> </TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->AIX Audit Events</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-> </TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Concepts and Configuration Issues</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="About This Guide"
-HREF="f24.html"><LINK
-REL="NEXT"
-TITLE="An Overview of AFS Administration"
-HREF="c130.html"></HEAD
-><BODY
-CLASS="part"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="f24.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c130.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="PART"
-><A
-NAME="AEN128"
-></A
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="title"
->I. Concepts and Configuration Issues</H1
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
->1. <A
-HREF="c130.html"
->An Overview of AFS Administration</A
-></DT
-><DT
->2. <A
-HREF="c667.html"
->Issues in Cell Configuration and Administration</A
-></DT
-></DL
-><BR></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="f24.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c130.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->About This Guide</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->An Overview of AFS Administration</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing Client Machines</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Managing Server Encryption Keys"
-HREF="c20494.html"><LINK
-REL="NEXT"
-TITLE="Administering Client Machines and the Cache Manager"
-HREF="c21473.html"></HEAD
-><BODY
-CLASS="part"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c20494.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c21473.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="PART"
-><A
-NAME="AEN21471"
-></A
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="title"
->III. Managing Client Machines</H1
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
->10. <A
-HREF="c21473.html"
->Administering Client Machines and the Cache Manager</A
-></DT
-><DT
->11. <A
-HREF="c23832.html"
->Configuring Client Machines with the package Program</A
-></DT
-></DL
-><BR></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c20494.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c21473.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Managing Server Encryption Keys</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Administering Client Machines and the Cache Manager</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing Users and Groups</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Configuring Client Machines with the package Program"
-HREF="c23832.html"><LINK
-REL="NEXT"
-TITLE="Creating and Deleting User Accounts with the uss Command Suite"
-HREF="c24913.html"></HEAD
-><BODY
-CLASS="part"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c23832.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c24913.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="PART"
-><A
-NAME="AEN24911"
-></A
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="title"
->IV. Managing Users and Groups</H1
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
->12. <A
-HREF="c24913.html"
->Creating and Deleting User Accounts with the uss Command Suite</A
-></DT
-><DT
->13. <A
-HREF="c27596.html"
->Administering User Accounts</A
-></DT
-><DT
->14. <A
-HREF="c29323.html"
->Administering the Protection Database</A
-></DT
-><DT
->15. <A
-HREF="c31274.html"
->Managing Access Control Lists</A
-></DT
-><DT
->16. <A
-HREF="c32432.html"
->Managing Administrative Privilege</A
-></DT
-></DL
-><BR></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c23832.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c24913.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Configuring Client Machines with the package Program</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Creating and Deleting User Accounts with the uss Command Suite</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Managing File Server Machines</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS Administration Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Issues in Cell Configuration and Administration"
-HREF="c667.html"><LINK
-REL="NEXT"
-TITLE="Administering Server Machines"
-HREF="c3025.html"></HEAD
-><BODY
-CLASS="part"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS Administration Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c667.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c3025.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="PART"
-><A
-NAME="AEN3023"
-></A
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="title"
->II. Managing File Server Machines</H1
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
->3. <A
-HREF="c3025.html"
->Administering Server Machines</A
-></DT
-><DT
->4. <A
-HREF="c6449.html"
->Monitoring and Controlling Server Processes</A
-></DT
-><DT
->5. <A
-HREF="c8420.html"
->Managing Volumes</A
-></DT
-><DT
->6. <A
-HREF="c12776.html"
->Configuring the AFS Backup System</A
-></DT
-><DT
->7. <A
-HREF="c15383.html"
->Backing Up and Restoring AFS Data</A
-></DT
-><DT
->8. <A
-HREF="c18360.html"
->Monitoring and Auditing AFS Performance</A
-></DT
-><DT
->9. <A
-HREF="c20494.html"
->Managing Server Encryption Keys</A
-></DT
-></DL
-><BR></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c667.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c3025.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Issues in Cell Configuration and Administration</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Administering Server Machines</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
--- /dev/null
+# Copyright 2009, Secure Endpoints Inc.
+# All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# - Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# - Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+# - Neither the name of Secure Endpoints Inc. nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission from Secure Endpoints Inc..
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+!INCLUDE ..\..\..\src\config\NTMakefile.$(SYS_NAME)
+!INCLUDE ..\..\..\src\config\NTMakefile.version
+
+!IFNDEF CYGWIN
+CYGWIN = c:/cygwin
+!ENDIF
+!IFNDEF DOCBOOK_XSL
+DOCBOOK_XSL = $(CYGWIN)/usr/share/docbook-xsl
+!ENDIF
+XSLTPROC = xsltproc.exe
+HTML_XSL = $(DOCBOOK_XSL)/html/chunk.xsl
+HTML_PARMS = --param navig.graphics 1 --stringparam navig.graphics.path ../
+CHM_XSL = $(DOCBOOK_XSL)/htmlhelp/htmlhelp.xsl
+
+XMLSRCS = \
+ auqbg000.xml \
+ auqbg003.xml \
+ auqbg004.xml \
+ auqbg005.xml \
+ auqbg006.xml \
+ auqbg007.xml \
+ auqbg008.xml \
+ appendix.xml
+
+index.html: $(XMLSRCS)
+ @echo Building Unix Quick Start Guide in HTML format
+ $(XSLTPROC) $(HTML_PARMS) $(HTML_XSL) auqbg000.xml
+
+htmlhelp.chm: $(XMLSRCS)
+ @echo Building Unix Quick Start Guide in HTML Help format
+ $(XSLTPROC) $(CHM_XSL) auqbg000.xml
+ -hhc.exe htmlhelp.hhp
+ $(DEL) *.html
+ $(DEL) *.hh?
+ $(DEL) *.chw
+
+install: htmlhelp.chm index.html
+
+clean::
+ $(DEL) *.html
+ $(DEL) htmlhelp.chm
are installing your first file server;
<link linkend="HDRWQ108">Starting Server Programs</link> if you
are installing an additional file server machine; or
- <link linkend="HDRWQ145"></link> if you are installing a client.
+ <link linkend="HDRWQ145">Loading and Creating Client Files</link> if you are installing a client.
</para>
</listitem>
</orderedlist>
<!ENTITY chapter4 SYSTEM "auqbg007.xml">
<!ENTITY appendixA SYSTEM "auqbg008.xml">
<!ENTITY appendixB SYSTEM "appendix.xml">
-<!ENTITY index SYSTEM "auqbg009.xml">
]>
<book>
<bookinfo>
- <title>OpenAFS Quick Beginnings</title>
+ <title>OpenAFS Quick Start Guide for UNIX</title>
- <subtitle>Version 1.4.2</subtitle>
+ <subtitle>Version 1.4.10</subtitle>
<copyright>
- <year>2000-2007</year>
+ <year>2000-2009</year>
<holder>IBM Corporation and other contributors. All Rights Reserved</holder>
</copyright>
<revhistory>
<revision>
- <revnumber>1.4.4</revnumber>
- <date>March 2007</date>
+ <revnumber>1.4.10</revnumber>
+ <date>May 2009</date>
</revision>
</revhistory>
<abstract>
<para>This document describes the initial setup of an OpenAFS cell
and an OpenAFS client. It is currently being updated for OpenAFS
- 1.4.4 and is still dated and incorrect in some details. This
- edition applies to OpenAFS for UNIX, Version 1.4.4, and to all
+ 1.4.10 and is still dated and incorrect in some details. This
+ edition applies to OpenAFS for UNIX, Version 1.4.10, and to all
subsequent releases and modifications until otherwise indicated in
new editions.</para>
</abstract>
&chapter4;
&appendixA;
&appendixB;
- &index;
+ <index>Name Index</index>
</book>
<!-- Keep this comment at the end of the file
Local variables:
functions:
<itemizedlist>
<listitem>
- <para>It acts as the <emphasis>system control
+ <para>It may act as the <emphasis>system control
machine</emphasis>, distributing certain
configuration files to the other server machines in the
cell</para>
often only need to add configuration to the session group:</para>
<example>
- <title>PAM session example</title>
+ <title>Linux PAM session example</title>
<literallayout>session required pam_afs_session.so</literallayout>
</example>
<literal>sufficient</literal>.</para>
<example>
- <title>PAM auth example</title>
+ <title>Linux PAM auth example</title>
<literallayout>auth [success=ok default=1] pam_krb5.so
auth [default=done] pam_afs_session.so
auth required pam_unix.so try_first_pass</literallayout>
<filename>pam.conf</filename>:</para>
<example>
- <title>PAM session example</title>
-<literallayout>login session required pam_afs_session.so</literallayout>
+ <title>Solaris PAM session example</title>
+ <literallayout>login session required pam_afs_session.so</literallayout>
</example>
<para>This example enables PAM authentication only for console login.
<?xml version="1.0" encoding="UTF-8"?>
<appendix id="HDRWQ163">
- <title>Appendix A. Building AFS from Source Code</title>
+ <title>Appendix A. Building OpenAFS from Source Code</title>
- <para>This chapter describes how to build AFS from source code. <indexterm>
+ <para>This chapter describes how to build OpenAFS from source code. <indexterm>
<primary>storing</primary>
- <secondary>AFS source in volume</secondary>
+ <secondary>OpenAFS source in volume</secondary>
</indexterm> <indexterm>
<primary>creating</primary>
<secondary>volume</secondary>
- <tertiary>for AFS source</tertiary>
+ <tertiary>for OpenAFS source</tertiary>
</indexterm> <indexterm>
<primary>volume</primary>
- <secondary>for AFS source</secondary>
+ <secondary>for OpenAFS source</secondary>
</indexterm> <indexterm>
<primary>source (AFS)</primary>
</indexterm> <indexterm>
<primary>files</primary>
- <secondary>AFS source</secondary>
+ <secondary>OpenAFS source</secondary>
</indexterm></para>
<sect1 id="HDRWQ164">
<title>Loading the Source Files</title>
- <para>Working on an AFS client machine, perform these steps to load the AFS source tree from the AFS Source Distribution.
+ <para>Working on an AFS client machine, login to AFS as a
+ administrative user, then perform these steps to load the OpenAFS
+ source tree from the OpenAFS Source Distribution.
<orderedlist>
<indexterm>
<primary>commands</primary>
</indexterm>
<listitem>
- <para>Create and mount a volume for housing the AFS source tree. These instructions name the volume <emphasis
+ <para>Create and mount a volume for housing the OpenAFS source tree. These instructions name the volume <emphasis
role="bold">src.afs</emphasis> and mount it at the <emphasis
role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis role="bold">/afs/src</emphasis> directory.</para>
</listitem>
<listitem>
- <para>On the local <emphasis role="bold">/cdrom</emphasis> directory, mount the CD-ROM that contains the AFS source files.
- For instructions on mounting CD-ROMs (either locally or remotely via NFS), consult the operating system documentation.
+ <para>Download the latest stable OpenAFS source distribution
+ (openafs-src.<replaceable>X.Y.Z</replaceable>.tar.gz)
+ from <ulink url="http://www.openafs.org/release/latest.html">openafs.org</ulink>
+ to the local <emphasis role="bold">/tmp</emphasis> directory.
<indexterm>
- <primary>copying</primary>
+ <primary>downloading</primary>
- <secondary>source files from CD-ROM</secondary>
- </indexterm> <indexterm>
- <primary>CD-ROM</primary>
+ <secondary>source files from openafs.org</secondary>
+ </indexterm>
+ </para>
+ </listitem>
- <secondary>copying source files from</secondary>
- </indexterm></para>
+ <listitem>
+ <para>In the local <emphasis role="bold">/tmp</emphasis> directory, unpack the source archive. <programlisting>
+ # <emphasis role="bold">cd /tmp</emphasis>
+ # <emphasis role="bold">gzip -dc openafs-src-<replaceable>X.Y.Z</replaceable>.tar.gz | tar xvf -</emphasis>
+</programlisting>
+ <indexterm>
+ <primary>unpacking</primary>
+
+ <secondary>source files from the archive</secondary>
+ </indexterm>
+ </para>
</listitem>
<listitem>
- <para>Copy the source files from the
CD-ROM into the newly created volume. <programlisting>
- # <emphasis role="bold">cd /cdrom/src</emphasis>
+ <para>Copy the source files from the
unpacked archive into the newly created volume. <programlisting>
+ # <emphasis role="bold">cd /tmp/openafs-<replaceable>X.Y.Z</replaceable></emphasis>
# <emphasis role="bold">cp -rp * /afs/.</emphasis><replaceable>cellname</replaceable>/<emphasis role="bold">afs/src</emphasis>
</programlisting></para>
</listitem>
</sect1>
<sect1 id="HDRWQ165">
- <title>Compiling AFS Binaries Using the washtool Program</title>
+ <title>Compiling OpenAFS Binaries Using Configure and Make</title>
- <para>The AFS distribution includes the <emphasis role="bold">washtool</emphasis> program for managing a hierarchy of software
- development projects. The program builds project trees for program editing, compilation, and installation. <orderedlist>
+ <para>The OpenAFS distribution uses the <emphasis role="bold">autoconf</emphasis> program and Makefiles for compiling the OpenAFS software.<orderedlist>
<listitem>
<para>Create a subdirectory under the <emphasis role="bold">/afs/.</emphasis><replaceable>cellname</replaceable><emphasis
role="bold">/afs</emphasis> directory for each system type for which you will build AFS binaries. Creating and mounting a
</programlisting> <indexterm>
<primary>commands</primary>
- <secondary>washtool</secondary>
- </indexterm> <indexterm>
- <primary>washtool command</primary>
+ <secondary></secondary>
</indexterm></para>
</listitem>
-
+<!--
+ % cd /afs/.rampaginggeek.com/src/afs/@sys
+ % ../src/configure
+ make
+ make dest
+ -->
+
<listitem>
- <para>For each system type you plan to build, copy the binary for the <emphasis role="bold">washtool</emphasis> program to
- the directory specified in the AFS <emphasis role="bold">Makefile</emphasis>, which is <emphasis
- role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
- role="bold">/afs/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/dest/bin</emphasis>. If you prefer to
- store the program in a different directory, you can use the WASHTOOL variable on the <emphasis role="bold">make</emphasis>
- command line as described in Step <link linkend="LIWQ166">6</link>.</para>
-
- <para>If there is a volume that houses the AFS binaries for each system type (as recommended), the conventional location
- for the <emphasis role="bold">washtool</emphasis> binary is the <emphasis
- role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
- role="bold">/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/usr/afsws/bin</emphasis> directory. Use
- the following instruction to copy it.</para>
-
- <programlisting>
- # <emphasis role="bold">cd /afs/</emphasis><replaceable>cellname</replaceable><emphasis role="bold">/</emphasis><replaceable>sysname</replaceable><emphasis
- role="bold">/usr/afsws/bin</emphasis>
- # <emphasis role="bold">cp washtool</emphasis> <emphasis role="bold">/afs/.</emphasis><replaceable>cellname</replaceable><emphasis
- role="bold">/afs/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/dest/bin</emphasis>
-</programlisting>
-
- <para>Otherwise, mount the (binary) AFS CD-ROM for this system type on the local <emphasis role="bold">/cdrom</emphasis>
- directory, and copy the <emphasis role="bold">washtool</emphasis> binary directly from it.</para>
-
+ <para>For each system type you plan to build, run the following commands on a machine of that system type:</para>
<programlisting>
- # <emphasis role="bold">cd /cdrom/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/bin</emphasis>
- # <emphasis role="bold">cp washtool</emphasis> <emphasis role="bold">/afs/.</emphasis><replaceable>cellname</replaceable><emphasis
- role="bold">/afs/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/dest/bin</emphasis>
+ # <emphasis role="bold">cd /afs/</emphasis><replaceable>cellname</replaceable><emphasis role="bold">/</emphasis><replaceable>sysname</replaceable>
+ # <emphasis role="bold">../src/configure</emphasis>
+ # <emphasis role="bold">make</emphasis>
+ # <emphasis role="bold">make dest</emphasis>
</programlisting>
<indexterm>
</indexterm>
<indexterm>
- <primary>make command</primary>
+ <primary>configure command</primary>
</indexterm>
<indexterm>
- <primary>variables</primary>
-
- <secondary>WASHTOOL</secondary>
+ <primary>make command</primary>
</indexterm>
<indexterm>
- <primary>variables</primary>
-
- <secondary>SYS_NAME for washtool command</secondary>
- </indexterm>
+ <primary>commands</primary>
- <indexterm>
- <primary>SYS_NAME variable for washtool command</primary>
+ <secondary>configure</secondary>
</indexterm>
- <indexterm>
- <primary>WASHTOOL variable</primary>
- </indexterm>
</listitem>
<listitem>
<para><anchor id="LIWQ166" />Working in the <emphasis
role="bold">/afs/.</emphasis><replaceable>cellname</replaceable><emphasis role="bold">/afs</emphasis> directory on a
machine of the system type for which you are building AFS, issue the <emphasis role="bold">make install</emphasis>
- command. Set the SYS_NAME variable to the appropriate system type name.</para>
-
- <para>If the <emphasis role="bold">washtool</emphasis> binary is not in the conventional directory (<emphasis
- role="bold">/afs/</emphasis><replaceable>cellname</replaceable><emphasis
- role="bold">/afs/</emphasis><replaceable>sysname</replaceable><emphasis role="bold">/dest/bin</emphasis>), set the
- WASHTOOL variable to the alternate full pathname of the binary.</para>
-
- <programlisting>
- # <emphasis role="bold">cd /afs/.</emphasis><replaceable>cellname</replaceable><emphasis role="bold">/afs</emphasis>
- # <emphasis role="bold">make SYS_NAME=</emphasis><replaceable>sysname</replaceable> [<emphasis role="bold">WASHTOOL=</emphasis><replaceable>alternate_washtool_directory</replaceable>] <emphasis
- role="bold">install</emphasis>
-</programlisting>
+ command.</para>
</listitem>
</orderedlist></para>
</sect1>
--- /dev/null
+# Copyright 2009, Secure Endpoints Inc.
+# All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# - Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+# - Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+# - Neither the name of Secure Endpoints Inc. nor the names of its contributors
+# may be used to endorse or promote products derived from this software without
+# specific prior written permission from Secure Endpoints Inc..
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+!INCLUDE ..\..\..\src\config\NTMakefile.$(SYS_NAME)
+!INCLUDE ..\..\..\src\config\NTMakefile.version
+
+!IFNDEF CYGWIN
+CYGWIN = c:/cygwin
+!ENDIF
+!IFNDEF DOCBOOK_XSL
+DOCBOOK_XSL = $(CYGWIN)/usr/share/docbook-xsl
+!ENDIF
+XSLTPROC = xsltproc.exe
+HTML_XSL = $(DOCBOOK_XSL)/html/chunk.xsl
+HTML_PARMS = --param navig.graphics 1 --stringparam navig.graphics.path ../
+CHM_XSL = $(DOCBOOK_XSL)/htmlhelp/htmlhelp.xsl
+
+XMLSRCS = \
+ auusg000.xml \
+ auusg003.xml \
+ auusg004.xml \
+ auusg005.xml \
+ auusg006.xml \
+ auusg007.xml \
+ auusg008.xml \
+ auusg009.xml \
+ auusg010.xml \
+ auusg011.xml \
+ auusg012.xml \
+ auusg013.xml \
+
+index.html: $(XMLSRCS)
+ @echo Building OpenAFS User Guide in HTML format
+ $(XSLTPROC) $(HTML_PARMS) $(HTML_XSL) auusg000.xml
+
+htmlhelp.chm: $(XMLSRCS)
+ @echo Building OpenAFS User Guide in HTML Help format
+ $(XSLTPROC) $(CHM_XSL) auusg000.xml
+ -hhc.exe htmlhelp.hhp
+ $(DEL) *.html
+ $(DEL) *.hh?
+ $(DEL) *.chw
+
+install: htmlhelp.chm index.html
+
+clean::
+ $(DEL) *.html
+ $(DEL) htmlhelp.chm
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Using the NFS/AFS Translator</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Troubleshooting"
-HREF="c3402.html"><LINK
-REL="NEXT"
-TITLE="AFS Command Syntax and Online Help"
-HREF="a3812.html"></HEAD
-><BODY
-CLASS="appendix"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c3402.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="a3812.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="appendix"
-><H1
-><A
-NAME="HDRWQ80"
-></A
->Appendix A. Using the NFS/AFS Translator</H1
-><P
->
-
-
-
-
-
-
- Some
- cells use the Network File System (NFS) in addition to AFS. If you work on an NFS client machine, your system
- administrator can configure it to access the AFS filespace through a program called the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->NFS/AFS
- Translator</I
-></SPAN
-><SUP
->TM</SUP
->. If you have an AFS account, you can access AFS as an
- authenticated user while working on your NFS client machine. Otherwise, you access AFS as the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->Acceptable NFS/AFS Translator performance requires that NFS is functioning correctly.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ81"
->Requirements for Using the NFS/AFS Translator</A
-></H1
-><P
->
-
-
- For you to use the NFS/AFS Translator, your system
- administrator must configure the following types of machines as indicated:</P
-><UL
-><LI
-><P
->An <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->NFS/AFS translator machine</I
-></SPAN
-> is an AFS client machine that also acts as an
- NFS server machine. Its Cache Manager acts as the surrogate Cache Manager for your NFS client machine. Ask your
- system administrator which translator machines you can use.</P
-></LI
-><LI
-><P
->Your NFS client machine must have an NFS mount to a translator machine. Most often, your system
- administrator mounts the translator machine's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory and names the mount
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> as well. This enables you to access the entire AFS filespace using standard
- AFS pathnames. It is also possible to create mounts directly to subdirectories of
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->, and to give NFS mounts different names on the NFS client
- machine.</P
-></LI
-></UL
-><P
->Your access to AFS is much more extensive if you have an AFS user account. If you do not, the AFS servers
- recognize you as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user and only grant you the access available to
- members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group.</P
-><P
->If your NFS client machine uses an operating system that AFS supports, your system administrator can
- configure it to enable you to issue many AFS commands on the machine. Ask him or her about the configuration and
- which commands you can issue.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_160"
->Accessing AFS via the Translator</A
-></H1
-><P
->If you do not have an AFS account or choose not to access AFS as an authenticated user, then all you do to
- access AFS is provide the pathname of the relevant file. Its ACL must grant the necessary permissions to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group.</P
-><P
->If you have an AFS account and want to access AFS as an authenticated user, the best method depends on
- whether your NFS machine is a supported type. If it is, use the instructions in <A
-HREF="a3632.html#HDRWQ82"
->To
- Authenticate on a Supported Operating System</A
->. If it is not a supported type, use the instructions in
- <A
-HREF="a3632.html#HDRWQ83"
->To Authenticate on an Unsupported Operating System</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ82"
->To Authenticate on a Supported Operating System</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Log into the NFS client machine using your NFS username.</P
-></LI
-><LI
-><P
-> Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command. For complete instructions, see
- <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->.
-<PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog -setpag</B
-></SPAN
->
-</PRE
->
- </P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ83"
->To Authenticate on an Unsupported Operating System</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Log onto the NFS client machine using your NFS username.</P
-></LI
-><LI
-><P
-><A
-NAME="LINFS-TELNET"
-></A
->Establish a connection to the NFS/AFS translator machine you are
- using (for example, using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> utility) and log onto it using your AFS
- username (which is normally the same as your NFS username).</P
-></LI
-><LI
-><P
-> If the NFS/AFS translator machine uses an AFS-modified login utility, then you obtained AFS tokens in Step
- <A
-HREF="a3632.html#LINFS-TELNET"
->2</A
->. To check, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command,
- which is described fully in <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->.
-<PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
-</PRE
->
- If you do not have tokens, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command, which is described fully in
- <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->.
-<PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog -setpag</B
-></SPAN
->
-</PRE
->
- </P
-></LI
-><LI
-><P
-> <A
-NAME="LINFS-KNFS"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command to associate your AFS tokens
- with your UNIX UID on the NFS client machine where you are working. This enables the Cache Manager on the
- translator machine to use the tokens properly when you access AFS from the NFS client machine.
- </P
-><P
->If your NFS client machine is a system type for which AFS defines a system name, it can make sense
- to add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-> argument. This argument helps the Cache Manager access
- binaries specific to your NFS client machine, if your system administrator has used the
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->@sys</I
-></SPAN
-> variable in pathnames. Ask your system administrator if this argument is useful for
- you.
-
-
-
-</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host name</VAR
->> [<<VAR
-CLASS="replaceable"
->user ID (decimal)</VAR
->>] \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host's '@sys' value</VAR
->>]
-</PRE
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->host name</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the fully-qualified hostname of your NFS client machine (such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->nfs52.abc.com</B
-></SPAN
->).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->user ID</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies your UNIX UID or equivalent (not your username) on the NFS client machine. If your
- system administrator has followed the conventional practice, then your UNIX and AFS UIDs are the same. If you
- do not know your local UID on the NFS machine, ask your system administrator for assistance. Your system
- administrator can also explain the issues you need to be aware of if your two UIDs do not match, or if you
- omit this argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-></DT
-><DD
-><P
->Specifies your NFS client machine's system type name.</P
-></DD
-></DL
-></DIV
-></LI
-><LI
-><P
-><A
-NAME="LINFS-LOGOUT"
-></A
->(<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Optional</B
-></SPAN
->) Log out from the
- translator machine, but do not unauthenticate.</P
-></LI
-><LI
-><P
->Work on the NFS client machine, accessing AFS as necessary.</P
-></LI
-><LI
-><P
-> When you are finished accessing AFS, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command on the translator
- machine again. Provide the same <VAR
-CLASS="replaceable"
->host name</VAR
-> and <VAR
-CLASS="replaceable"
->user ID</VAR
->
- arguments as in Step <A
-HREF="a3632.html#LINFS-KNFS"
->4</A
->, and add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-unlog</B
-></SPAN
->
- flag to destroy your tokens. If you logged out from the translator machine in Step
- <A
-HREF="a3632.html#LINFS-LOGOUT"
->5</A
->, then you must first reestablish a connection to the translator machine
- as in Step <A
-HREF="a3632.html#LINFS-TELNET"
->2</A
->.
-<PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->host name</VAR
->> [<<VAR
-CLASS="replaceable"
->user ID (decimal)</VAR
->>] <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-unlog</B
-></SPAN
->
-</PRE
->
- </P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ84"
->Troubleshooting the NFS/AFS Translator</A
-></H1
-><P
->Acceptable performance by the NFS/AFS translator depends for the most part on NFS. Sometimes, problems that
- appear to be AFS file server outages, broken connections, or inaccessible files are actually caused by NFS
- outages.</P
-><P
->This section describes some common problems and their possible causes. If other problems arise, contact your
- system administrator, who can ask the AFS Product Support group for assistance if necessary.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->To avoid degrading AFS performance, the Cache Manager on the translator machine does not immediately
- send changes made on NFS client machines to the File Server. Instead, it checks every 60 seconds for such
- changes and sends them then. It can take longer for changes made on an NFS client machine to be saved than for
- changes made on an AFS client machine. The save operation must complete before the changes are visible on NFS
- client machines that are using a different translator machine or on AFS client machines.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ85"
->Your NFS Client Machine is Frozen</A
-></H2
-><P
->If your system administrator has used the recommended options when creating an NFS mount to an NFS/AFS
- translator machine, then the mount is both <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->hard</I
-></SPAN
-> and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->interruptible</I
-></SPAN
->:</P
-><UL
-><LI
-><P
->A hard mount means that the NFS client retries its requests if it does not receive a response
- within the expected time frame. This is useful because requests have to pass through both the NFS and AFS client
- software, which can sometimes take longer than the NFS client expects. However, it means that if the NFS/AFS
- translator machine actually becomes inaccessible, your NFS client machine can become inoperative
- (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->freeze</I
-></SPAN
-> or <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->hang</I
-></SPAN
->).</P
-></LI
-><LI
-><P
->If the NFS mount is interruptible, then in the case of an NFS/AFS translator machine outage you
- can press <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-c</B
-></SPAN
->> or another interrupt signal to halt the NFS client's
- repeated attempts to access AFS. You can then continue to work locally, or can NFS-mount another translator
- machine. If the NFS mount is not interruptible, you must actually remove the mount to the inaccessible translator
- machine.</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_165"
->NFS/AFS Translator Reboots</A
-></H2
-><P
->If you have authenticated to AFS and your translator machine reboots, you must issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command, if appropriate)
- to reauthenticate. If you used the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command's
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-sysname</B
-></SPAN
-> argument to define your NFS client machine's system name, use it
- again.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_166"
->System Error Messages</A
-></H2
-><P
->This section explains possible meanings for NFS error messages you receive while accessing AFS
- filespace.</P
-><P
-><SAMP
-CLASS="computeroutput"
->stale NFS client</SAMP
-></P
-><P
-><SAMP
-CLASS="computeroutput"
->Getpwd: can't read</SAMP
-></P
-><P
->Both messages possibly means that your translator machine was rebooted and cannot determine the pathname to
- the current working directory. To reestablish the path, change directory and specify the complete pathname starting
- with <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->.</P
-><P
-><SAMP
-CLASS="computeroutput"
->NFS server <VAR
-CLASS="replaceable"
->translator_machine</VAR
-> is not responding still
- trying</SAMP
->.</P
-><P
->The NFS client is not getting a response from the NFS/AFS translator machine. If the NFS mount to the
- translator machine is a hard mount, your NFS client continues retrying the request until it gets a response (see
- <A
-HREF="a3632.html#HDRWQ85"
->Your NFS Client Machine is Frozen</A
->). If the NFS mount to the translator machine is a
- soft mount, the NFS client stops retrying after a certain number of attempts (three by default).</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c3402.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="a3812.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Troubleshooting</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->AFS Command Syntax and Online Help</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->AFS Command Syntax and Online Help</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Using the NFS/AFS Translator"
-HREF="a3632.html"><LINK
-REL="NEXT"
-TITLE="Glossary"
-HREF="g4153.html"></HEAD
-><BODY
-CLASS="appendix"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="a3632.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="g4153.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="appendix"
-><H1
-><A
-NAME="HDRWQ86"
-></A
->Appendix B. AFS Command Syntax and Online Help</H1
-><P
->The AFS commands available to you are used to authenticate, list AFS information, protect directories, create
- and manage groups, and create and manage ACLs. There are three general types of commands available to all AFS
- users: file server commands, protection server commands, and miscellaneous commands. This chapter discusses the
- syntax of these AFS commands, the rules that must be followed when issuing them, and ways of accessing help
- relevant to them.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ87"
->AFS Command Syntax</A
-></H1
-><P
->
- Most AFS commands use the following syntax:</P
-><PRE
-CLASS="programlisting"
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->command_suite operation_code -switch</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->value</VAR
->><SUP
->[+]</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-flag</B
-></SPAN
->
-</PRE
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->command suite</I
-></SPAN
-> indicates the general type of command and the server process that
- performs the command. Regular AFS users have access to two main command suites and a miscellaneous set of commands:
-
-
-
-
-</P
-><UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command suite is used to issue file server commands that
- interact with the File Server process.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> command suite is used to issue protection-related
- commands.</P
-></LI
-><LI
-><P
->The miscellaneous commands are not associated with any command suite.</P
-></LI
-></UL
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->operation code</I
-></SPAN
-> indicates the action that the command performs. Miscellaneous
- commands have operation codes only.
-
-</P
-><P
->A command can have multiple <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->options</I
-></SPAN
->, which can be <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->arguments</I
-></SPAN
-> or
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->flags</I
-></SPAN
->:</P
-><UL
-><LI
-><P
->Arguments are used to supply additional information for use by the command.
-
-
- They consist of a paired <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->switch</I
-></SPAN
-> and <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->instance</I
-></SPAN
->.
-
-
-
-
- A switch defines the type of argument and is always preceded
- by a hyphen; arguments can take multiple instances if a plus sign (+) appears after the instance. An instance
- represents some variable piece of information that is used by the command. Arguments can be optional or
- required.</P
-></LI
-><LI
-><P
->Flags are used to direct a command to perform in a specific way (for example, to generate a
- specific type of output).
-
- Flags are always preceded by a hyphen and are always
- optional.</P
-></LI
-></UL
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_169"
->Command Syntax Example</A
-></H2
-><P
->In the following AFS command</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir $HOME -acl pat all terry none -negative</B
-></SPAN
->
-</PRE
-><UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> is the command suite.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> is the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->operation code</I
-></SPAN
->, which directs
- the File Server process to set an access control list.</P
-></LI
-><LI
-><P
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir $HOME</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl pat all terry none</B
-></SPAN
-> are
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->arguments</I
-></SPAN
->.
- </P
-><UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> are switches;
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> indicates the name of the directory on which to set the ACL, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> defines the entries to set on it.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$HOME</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat all terry
- none</B
-></SPAN
-> are <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->instances</I
-></SPAN
-> of the arguments. <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->$HOME</B
-></SPAN
->
- defines a specific directory for the directory argument. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument
- has two instances specifying two ACL entries: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat all</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry none</B
-></SPAN
->.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> is a flag; it directs the command to put the access
- list entries on the negative rather than the normal permissions list.</P
-></LI
-></UL
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ88"
->Rules for Using AFS Commands</A
-></H1
-><P
->This section describes the rules to follow when using AFS commands.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_171"
->Spaces and Lines</A
-></H2
-><P
->Separate each command element (command suite, operation code, switches, instances, and flags) with a space.
- Multiple instances of an argument are also separated by a space.</P
-><P
->Type all AFS commands on one line, followed by a carriage return. Some commands in this document appear on
- more than one line, but that is for legibility only.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_172"
->Abbreviations and Aliases for Operation Codes</A
-></H2
-><P
->You can type operation codes in one of three ways:</P
-><UL
-><LI
-><P
->You can type the operation code in full.</P
-></LI
-><LI
-><P
->You can abbreviate the operation code to the shortest form that distinguishes it from the other
- operation codes in its command suite.</P
-></LI
-><LI
-><P
->You can use the alias for the operation code, if one exists.</P
-></LI
-></UL
-><P
->For example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command can be issued as follows:</P
-><UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> (full command)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs lista</B
-></SPAN
-> (abbreviation)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs la</B
-></SPAN
-> (alias)</P
-></LI
-></UL
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> provides information on the full and abbreviated
- command syntax as well as any aliases for all of the commands discussed in this guide.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_173"
->Omitting Argument Switches</A
-></H2
-><P
->You can omit an argument's switch if the command takes only one argument, or if the following conditions are
- met.</P
-><UL
-><LI
-><P
->All of the command's required arguments appear in the order prescribed by the syntax
- statement.</P
-></LI
-><LI
-><P
->No switches are used on any arguments, even if they are in the correct order.</P
-></LI
-><LI
-><P
->There is only one value for each argument. The important exception to this condition is if the
- final required argument accepts multiple values; in this case, it is acceptable to provide multiple values
- without providing the switch.</P
-></LI
-></UL
-><P
->For example, the following two commands are equivalent:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir /afs/abc.com/usr/terry/private -acl pat rl</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl /afs/abc.com/usr/terry/private pat rl</B
-></SPAN
->
-</PRE
-><P
->However, the following is not an acceptable short form because the arguments are not in the prescribed
- order:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -acl pat rl /afs/abc.com/usr/terry/private</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_174"
->Shortening Switches and Flags</A
-></H2
-><P
->
- If you are required to use a switch, or if you decide to use a flag, you can often
- shorten the name of that switch or flag provided that the shortened form still distinguishes it from the command's
- other flags and switches.</P
-><P
->For example, when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command, you can abbreviate all of
- the switches and flags of the command to their initial letter because they all begin with a different letter.
- However, when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->knfs</B
-></SPAN
-> command, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-host</B
-></SPAN
-> argument and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
-> flag both begin with the
- letter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->h</B
-></SPAN
->, so the shortest unambiguous abbreviations are
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-ho</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-he</B
-></SPAN
-> respectively.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_175"
->Shortening Directory References</A
-></H2
-><P
->
- Most AFS command arguments that require directory or pathnames instances accept one
- or more of the following short forms:</P
-><UL
-><LI
-><P
->A single period (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
->) indicates the current working
- directory.</P
-></LI
-><LI
-><P
->Two periods (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->..</B
-></SPAN
->) indicate the parent directory of the current
- working directory.</P
-></LI
-><LI
-><P
->The $HOME environment variable indicates the issuer's home directory.</P
-></LI
-></UL
-><P
->For example, if the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> wants to grant
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions on his home directory to his manager
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> can issue the following
- command.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir $HOME -acl pat rl</B
-></SPAN
->
-</PRE
-><P
->If the current working directory is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory, he can issue the
- following command.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir . -acl pat rl</B
-></SPAN
->
-</PRE
-><P
->Both of the previous examples are acceptable short forms for the following command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir /afs/abc.com/usr/terry -acl pat rl</B
-></SPAN
->
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_176"
->Commonly Used fs and pts Commands</A
-></H1
-><P
->This section provides additional information on the commonly used AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> commands. For more detailed information, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- Administration Reference</I
-></SPAN
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_177"
->About the fs Commands</A
-></H2
-><P
->Some <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands extend UNIX file system semantics by invoking file-related
- functions that UNIX does not provide (setting access control lists, for example). Other
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands help you control the performance of the Cache Manager running on your
- local client machine.
-
-
-
-</P
-><P
->All <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands accept the optional <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
->
- flag. It has the same function as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs help</B
-></SPAN
-> command: it prints a command's
- online help message on the screen. Do not provide other options at the same time as this flag. It overrides them,
- and the only effect of issuing the command is to display the help message.
-
-</P
-><P
->The privilege required for issuing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands varies. The necessary
- privileges for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands described in this guide include the
- following:</P
-><UL
-><LI
-><P
->Having certain permissions on a directory's access control list. For example, creating and
- removing mount points requires <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->),
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->), and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->) permissions for the directory in
- which the mount point resides.</P
-></LI
-><LI
-><P
->Belonging to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group (see
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->).</P
-></LI
-><LI
-><P
->No privilege. Many <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> commands simply list information and so do
- not require any special privilege.</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_178"
->About the pts Commands</A
-></H2
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> command suite is the interface through which you can create
- protection groups and add members to them. System administrators who belong to a special system group called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can manipulate any group, and also create the user and
- machine entries that can belong to groups. Users who do not belong to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can always list the information associated with the
- group entries they own, as well as their own user entries. Depending on the setting of an entry's privacy flags,
- regular users can sometimes access and manipulate group entries in certain ways.</P
-><P
->All <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> commands accept optional arguments and flags. They are listed in the
- command descriptions in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> and are described here in
- detail:</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[-cell <<VAR
-CLASS="replaceable"
->cell name</VAR
->>]</B
-></SPAN
-></DT
-><DD
-><P
-> This argument indicates that the command runs in the indicated cell. The issuer can abbreviate the
- <VAR
-CLASS="replaceable"
->cell name</VAR
-> value to the shortest form that distinguishes it from the other cells
- listed in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/CellServDB</B
-></SPAN
-> file on the client machine on which the
- command is issued. By default, commands are executed in the local cell as defined
- </P
-><UL
-><LI
-><P
->First, by the value of the environment variable AFSCELL. (This variable is normally not
- defined by default. If you are working in another, nonlocal cell for an extended period of time, you can set
- the variable to the name of that cell.)</P
-></LI
-><LI
-><P
->Second, in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr/vice/etc/ThisCell</B
-></SPAN
-> file on the client
- machine on which the command is issued.</P
-></LI
-></UL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[-force]</B
-></SPAN
-></DT
-><DD
-><P
->This flag directs the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts</B
-></SPAN
-> command interpreter to continue
- executing the command, if possible, even if it encounters problems during the command's execution.
-
-
- The command interpreter performs as much of the requested operation as possible, rather
- than halting if it encounters a problem. The command interpreter reports any errors it encounters during the
- command's execution. This flag is especially useful if you provide many instances for an argument; if one of the
- instances is invalid, the command reports the error and proceeds with the remaining
- arguments.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[-help]
-
-
-
-
-</B
-></SPAN
-></DT
-><DD
-><P
->This flag has the same function as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts help</B
-></SPAN
-> command: it
- prints the command's online help message on the screen. Do not provide other options at the same time as this
- flag. It overrides them, and the only effect of issuing the command is to display the help
- message.</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ89"
->Getting Help in AFS</A
-></H1
-><P
->AFS online help consists of basic syntax messages. The AFS distribution also includes help in HTML format
- which your system administrator can make available to you.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_180"
->Displaying Command Syntax and Aliases</A
-></H2
-><P
->To display a brief description of a command, its syntax statement, and alias if any, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
-> operation code. For example, to display the online help entry for the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, enter the following command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs help listacl</B
-></SPAN
->
- fs listacl: list access control list
- aliases: la
- Usage: fs listacl [-path <dir/file path>+] [-id] [-if] [-help]
-</PRE
-><P
->To display the syntax statement only, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-help</B
-></SPAN
-> flag, which is available
- on most AFS commands. For example, to display the syntax statement for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setacl</B
-></SPAN
-> command, enter the following command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -help</B
-></SPAN
->
- Usage: fs setacl -dir <directory>+ -acl <access list entries>+ [-clear] [-negative]
- [-id] [-if] [-help]
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_181"
->Displaying Operation Code Descriptions</A
-></H2
-><P
->To display a short description of all of a command suite's operation codes, issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->help</B
-></SPAN
-> operation code without any other arguments. For example, the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs help</B
-></SPAN
-> command displays a short description of every operation code in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command suite.
-
-</P
-><P
->To display a list of the commands in a command suite that concern a certain type of object, provide a
- relevant keyword argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->apropos</B
-></SPAN
-> operation code. For example, if you want
- to set an ACL but cannot remember which <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command to use, issue the following
- command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs apropos set</B
-></SPAN
->
- setacl: set access control list
- setcachesize: set cache size
- setcell: set cell status
- setclientaddrs: set client network interface addresses
- setquota: set volume quota
- setserverprefs: set file server ranks
- setvol: set volume status
- sysname: get/set sysname (i.e. @sys) value
-</PRE
-><P
->The following message indicates that there are no commands whose names or descriptions include the keyword
- string you have provided:</P
-><PRE
-CLASS="programlisting"
-> Sorry, no commands found
-</PRE
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If the keyword you provide has spaces in it, enclose it in double quotes (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->"
- "</B
-></SPAN
->).</P
-></BLOCKQUOTE
-></DIV
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="a3632.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="g4153.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Using the NFS/AFS Translator</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Glossary</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
<!ENTITY appendixA SYSTEM "auusg010.xml">
<!ENTITY appendixB SYSTEM "auusg011.xml">
<!ENTITY glossary SYSTEM "auusg012.xml">
-<!ENTITY index SYSTEM "auusg013.xml">
]>
<book>
<bookinfo>
- <title>AFS User Guide</title>
+ <title>OpenAFS User Guide</title>
- <subtitle>Version 3.6</subtitle>
-
- <pubsnumber>Document Number GC09-4561-00</pubsnumber>
+ <subtitle>Version M.n</subtitle>
<copyright>
<year>2000</year>
</copyright>
<revhistory>
+ <revision>
+ <revnumber>M.n</revnumber>
+
+ <date>May 2008</date>
+
+ <revremark>First OpenAFS Edition</revremark>
+ </revision>
+
<revision>
<revnumber>3.6</revnumber>
<date>April 2000</date>
- <revremark>First Edition</revremark>
- </revision>
+ <pubsnumber>Document Number GC09-4561-00</pubsnumber>
+
+ <revremark>First IBM Edition, Document Number GC09-4561-00</revremark>
+ </revision>
</revhistory>
<abstract>
<para>This edition applies to: <simplelist>
- <member>IBM AFS for AIX, Version 3.6</member>
- <member>IBM AFS for Digital Unix, Version 3.6</member>
- <member>IBM AFS for HP-UX, Version 3.6</member>
- <member>IBM AFS for Linux, Version 3.6</member>
- <member>IBM AFS for SGI IRIX, Version 3.6</member>
- <member>IBM AFS for Solaris, Version 3.6</member>
+ <member>OpenAFS for AIX, Version M.n</member>
+ <member>OpenAFS for Digital Unix, Version M.n</member>
+ <member>OpenAFS for HP-UX, Version M.n</member>
+ <member>OpenAFS for Linux, Version M.n</member>
+ <member>OpenAFS for SGI IRIX, Version M.n</member>
+ <member>OpenAFS for Solaris, Version M.n</member>
</simplelist></para>
<para>and to all subsequent releases and modifications until otherwise
&appendixA;
&appendixB;
&glossary;
- &index;
+ <index>Name Index</index>
</book>
or group of related tasks are presented in context, just prior to the procedures. Many examples are provided.</para>
<para>Instructions generally include only the commands and command options necessary for a specific task. For a complete list of
- AFS commands and description of all options available on every command, see the <emphasis>IBM AFS Administration
+ AFS commands and description of all options available on every command, see the <emphasis>OpenAFS Administration
Reference</emphasis>.</para>
</sect1>
<para>This document is divided into the following chapters.</para>
- <para><link linkend="HDRWQ2">An Introduction to AFS</link> introduces the basic concepts and functions of AFS. To use AFS
+ <para><link linkend="HDRWQ2">An Introduction to OpenAFS</link> introduces the basic concepts and functions of AFS. To use AFS
successfully, it is important to be familiar with the terms and concepts described in this chapter.</para>
- <para><link linkend="HDRWQ20">Using AFS</link> describes how to use AFS's basic features: how to log in and authenticate, unlog,
+ <para><link linkend="HDRWQ20">Using OpenAFS</link> describes how to use AFS's basic features: how to log in and authenticate, unlog,
log out, access AFS files and directories in AFS, and change your password.</para>
- <para><link linkend="HDRWQ38">Displaying Information about AFS</link> describes how to display information about AFS volume
+ <para><link linkend="HDRWQ38">Displaying Information about OpenAFS</link> describes how to display information about AFS volume
quota and location, file server machine status, and the foreign cells you can access.</para>
<para><link linkend="HDRWQ44">Protecting Your Directories and Files</link> describes how to protect your data using AFS access
<para><link linkend="HDRWQ80">Appendix A, Using the NFS/AFS Translator</link> describes how to use the NFS/AFS Translator to
access the AFS filespace from an NFS client machine.</para>
- <para><link linkend="HDRWQ86">Appendix B, AFS Command Syntax and Online Help</link> describes AFS command syntax and how to
+ <para><link linkend="HDRWQ86">Appendix B, OpenAFS Command Syntax and Online Help</link> describes AFS command syntax and how to
obtain online information about commands.</para>
- <para><link linkend="HDRWQ90">Appendix C, Glossary</link> defines terms used in the <emphasis>IBM AFS User
+ <para><link linkend="HDRWQ90">Appendix C, Glossary</link> defines terms used in the <emphasis>OpenAFS User
Guide</emphasis>.</para>
</sect1>
<sect1 id="HDRUSERFRONTHOWTO">
<title>How To Use This Document</title>
- <para>Before you begin using AFS, read <link linkend="HDRWQ2">An Introduction to AFS</link>. Next, follow the procedures
- outlined in <link linkend="HDRWQ20">Using AFS</link> to get started using AFS as an authenticated user. It describes how to
+ <para>Before you begin using OpenAFS, read <link linkend="HDRWQ2">An Introduction to OpenAFS</link>. Next, follow the procedures
+ outlined in <link linkend="HDRWQ20">Using OpenAFS</link> to get started using OpenAFS as an authenticated user. It describes how to
access files in the AFS filespace and how to end an AFS session. Consult the other chapters as you need to perform the tasks
they describe.</para>
</sect1>
<itemizedlist>
<listitem>
- <para>The <emphasis>IBM AFS Administration Reference</emphasis> details the syntax of each AFS command and is intended for
- the experienced AFS administrator, programmer, or user. For each AFS command, the <emphasis>IBM AFS Administration
+ <para>The <emphasis>OpenAFS Administration Reference</emphasis> details the syntax of each AFS command and is intended for
+ the experienced AFS administrator, programmer, or user. For each AFS command, the <emphasis>OpenAFS Administration
Reference</emphasis> lists the command syntax, aliases and abbreviations, description, arguments, warnings, output,
examples, and related topics. Commands are organized alphabetically.</para>
</listitem>
<listitem>
- <para>The <emphasis>IBM AFS Administration Guide</emphasis> describes concepts and procedures necessary for administering an
- AFS cell, as well as more extensive coverage of the topics in the <emphasis>IBM AFS User Guide</emphasis>.</para>
+ <para>The <emphasis>OpenAFS Administration Guide</emphasis> describes concepts and procedures necessary for administering an
+ AFS cell, as well as more extensive coverage of the topics in the <emphasis>OpenAFS User Guide</emphasis>.</para>
</listitem>
<listitem>
- <para>The <emphasis>IBM AFS Quick Beginnings</emphasis> provides instructions for installing AFS server and client
+ <para>The <emphasis>OpenAFS Quick Beginnings</emphasis> provides instructions for installing AFS server and client
machines.</para>
</listitem>
</itemizedlist>
</para>
<para>For additional information on AFS commands, including a description of command string components, acceptable abbreviations
- and aliases, and how to get online help for commands, see <link linkend="HDRWQ86">Appendix B, AFS Command Syntax and Online
+ and aliases, and how to get online help for commands, see <link linkend="HDRWQ86">Appendix B, OpenAFS Command Syntax and Online
Help</link>.</para>
</sect1>
</preface>
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="HDRWQ2">
- <title>An Introduction to AFS</title>
+ <title>An Introduction to OpenAFS</title>
<para>This chapter introduces basic AFS concepts and terms. It assumes that you are already familiar with standard UNIX commands,
file protection, and pathname conventions.</para>
</sect1>
<sect1 id="HDRWQ19">
- <title>Using AFS with NFS</title>
+ <title>Using OpenAFS with NFS</title>
<para>Some cells use the Networking File System (NFS) in addition to AFS. If you work on an NFS client machine, your system
administrator can configure it to access the AFS filespace through a program called the <emphasis>NFS/AFS
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="HDRWQ20">
- <title>Using AFS</title>
+ <title>Using OpenAFS</title>
<para>This chapter explains how to perform four basic AFS tasks: logging in and authenticating with AFS, ending an AFS session,
accessing the AFS filespace, and changing your password.</para>
<para>Your cell's administrators set the default lifetime of your token. The AFS authentication service never grants a token
lifetime longer than the default, but you can request a token with a shorter lifetime. See the <emphasis
- role="bold">klog</emphasis> reference page in the <emphasis>IBM AFS Administration Reference</emphasis> to learn how to use
+ role="bold">klog</emphasis> reference page in the <emphasis>OpenAFS Administration Reference</emphasis> to learn how to use
its <emphasis role="bold">-lifetime</emphasis> argument for this purpose.</para>
</sect3>
<?xml version="1.0" encoding="UTF-8"?>
<chapter id="HDRWQ38">
- <title>Displaying Information about AFS</title>
+ <title>Displaying Information about OpenAFS</title>
<para>This chapter explains how to display information that can help you use AFS more effectively. It includes the following
sections.
<para>If you specify only one directory (or file) name, you can omit the <emphasis role="bold">-dir</emphasis> and
<emphasis role="bold">-acl</emphasis> switches. For more on omitting switches, see <link linkend="HDRWQ86">Appendix B,
- AFS Command Syntax and Online Help</link>.</para>
+ OpenAFS Command Syntax and Online Help</link>.</para>
</listitem>
</varlistentry>
<para>Although AFS protects data primarily with ACLs rather than mode bits, it does not ignore the mode bits entirely. An
explanation of how mode bits work in the UNIX file system is outside the scope of this document, and the following discussion
assumes you understand them; if necessary, see your UNIX documentation. Also, the following discussion does not cover the
- setuid, setgid or sticky bits. If you need to understand how those bits work on AFS files, see the <emphasis>IBM AFS
+ setuid, setgid or sticky bits. If you need to understand how those bits work on AFS files, see the <emphasis>OpenAFS
Administration Guide</emphasis> or ask your system administrator.</para>
<para>AFS uses the UNIX mode bits in the following way:</para>
<?xml version="1.0" encoding="utf-8"?>
- <appendix id="HDRWQ86"><title>AFS Command Syntax and Online Help</title>
+ <appendix id="HDRWQ86"><title>OpenAFS Command Syntax and Online Help</title>
<indexterm><primary>syntax of AFS commands described</primary></indexterm>
users: file server commands, protection server commands, and miscellaneous commands. This chapter discusses the
syntax of these AFS commands, the rules that must be followed when issuing them, and ways of accessing help
relevant to them.</para>
- <sect1 id="HDRWQ87"><title>AFS Command Syntax</title>
+ <sect1 id="HDRWQ87"><title>OpenAFS Command Syntax</title>
<para>
<indexterm><primary>commands</primary><secondary>syntax for AFS</secondary></indexterm>
Most AFS commands use the following syntax:</para>
<listitem><para><emphasis role="bold">-negative</emphasis> is a flag; it directs the command to put the access
list entries on the negative rather than the normal permissions list.</para></listitem>
</itemizedlist>
- </sect2></sect1><sect1 id="HDRWQ88"><title>Rules for Using AFS Commands</title>
+ </sect2></sect1><sect1 id="HDRWQ88"><title>Rules for Using OpenAFS Commands</title>
<para>This section describes the rules to follow when using AFS commands.</para>
<sect2 id="Header_171"><title>Spaces and Lines</title>
<para>Separate each command element (command suite, operation code, switches, instances, and flags) with a space.
<listitem><para><emphasis role="bold">fs lista</emphasis> (abbreviation)</para></listitem>
<listitem><para><emphasis role="bold">fs la</emphasis> (alias)</para></listitem>
</itemizedlist>
- <para>The <emphasis>IBM AFS Administration Reference</emphasis> provides information on the full and abbreviated
+ <para>The <emphasis>OpenAFS Administration Reference</emphasis> provides information on the full and abbreviated
command syntax as well as any aliases for all of the commands discussed in this guide.</para>
</sect2><sect2 id="Header_173"><title>Omitting Argument Switches</title>
</programlisting>
</sect2></sect1><sect1 id="Header_176"><title>Commonly Used fs and pts Commands</title>
<para>This section provides additional information on the commonly used AFS <emphasis role="bold">fs</emphasis> and
- <emphasis role="bold">pts</emphasis> commands. For more detailed information, see the <emphasis>IBM AFS
+ <emphasis role="bold">pts</emphasis> commands. For more detailed information, see the <emphasis>OpenAFS
Administration Reference</emphasis>.</para>
<sect2 id="Header_177"><title>About the fs Commands</title>
group entries they own, as well as their own user entries. Depending on the setting of an entry's privacy flags,
regular users can sometimes access and manipulate group entries in certain ways.</para>
<para>All <emphasis role="bold">pts</emphasis> commands accept optional arguments and flags. They are listed in the
- command descriptions in the <emphasis>IBM AFS Administration Reference</emphasis> and are described here in
+ command descriptions in the <emphasis>OpenAFS Administration Reference</emphasis> and are described here in
detail:</para>
<variablelist>
<glossdef>
<para>A string of characters indicating an action for an AFS server to perform. For a description of AFS command syntax, see
- <link linkend="HDRWQ86">Appendix B, AFS Command Syntax and Online Help</link>.</para>
+ <link linkend="HDRWQ86">Appendix B, OpenAFS Command Syntax and Online Help</link>.</para>
</glossdef>
</glossentry>
<indexentry>
<primaryie>arguments to AFS commands,
- <ulink url="a3812.html#HDRWQ87" role="AEN3856">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3856">OpenAFS Command Syntax</ulink>
</primaryie>
</indexentry>
<ulink url="c113.html#HDRWQ18" role="AEN471">Remote Commands</ulink>
</secondaryie>
<secondaryie>suite organization for AFS,
- <ulink url="a3812.html#HDRWQ87" role="AEN3830">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3830">OpenAFS Command Syntax</ulink>
</secondaryie>
<secondaryie>syntax for AFS,
- <ulink url="a3812.html#HDRWQ87" role="AEN3820">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3820">OpenAFS Command Syntax</ulink>
</secondaryie>
<secondaryie>tokens,
<ulink url="c569.html#HDRWQ30" role="AEN759">To Display Your Tokens</ulink>
<indexentry>
<primaryie>flags on AFS commands,
- <ulink url="a3812.html#HDRWQ87" role="AEN3867">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3867">OpenAFS Command Syntax</ulink>
</primaryie>
</indexentry>
<indexentry>
<primaryie>instances to AFS commands,
- <ulink url="a3812.html#HDRWQ87" role="AEN3863">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3863">OpenAFS Command Syntax</ulink>
</primaryie>
</indexentry>
<ulink url="a3812.html#Header_172" role="AEN3915">Abbreviations and Aliases for Operation Codes</ulink>
</secondaryie>
<secondaryie>defined,
- <ulink url="a3812.html#HDRWQ87" role="AEN3846">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3846">OpenAFS Command Syntax</ulink>
</secondaryie>
</indexentry>
<indexentry>
<primaryie>suite, defined for AFS command,
- <ulink url="a3812.html#HDRWQ87" role="AEN3833">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3833">OpenAFS Command Syntax</ulink>
</primaryie>
</indexentry>
<ulink url="a3812.html#Header_174" role="AEN3963">Shortening Switches and Flags</ulink>
</secondaryie>
<secondaryie>defined,
- <ulink url="a3812.html#HDRWQ87" role="AEN3860">AFS Command Syntax</ulink>
+ <ulink url="a3812.html#HDRWQ87" role="AEN3860">OpenAFS Command Syntax</ulink>
</secondaryie>
<secondaryie>omitting,
<ulink url="a3812.html#Header_173" role="AEN3942">Omitting Argument Switches</ulink>
<indexentry>
<primaryie>syntax of AFS commands described,
- <ulink url="a3812.html" role="AEN3814">AFS Command Syntax and Online Help</ulink>
+ <ulink url="a3812.html" role="AEN3814">OpenAFS Command Syntax and Online Help</ulink>
</primaryie>
</indexentry>
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->AFS User Guide</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="NEXT"
-TITLE="About This Guide"
-HREF="f24.html"></HEAD
-><BODY
-CLASS="book"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="BOOK"
-><A
-NAME="AEN1"
-></A
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="title"
-><A
-NAME="AEN2"
->AFS User Guide</A
-></H1
-><H2
-CLASS="subtitle"
->Version 3.6</H2
-><P
-CLASS="copyright"
->Copyright © 2000 IBM Corporation. All Rights Reserved</P
-><DIV
-><DIV
-CLASS="abstract"
-><A
-NAME="AEN14"
-></A
-><P
->This edition applies to: <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->IBM AFS for AIX, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for Digital Unix, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for HP-UX, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for Linux, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for SGI IRIX, Version 3.6</TD
-></TR
-><TR
-><TD
->IBM AFS for Solaris, Version 3.6</TD
-></TR
-></TBODY
-></TABLE
-></P
-><P
->and to all subsequent releases and modifications until otherwise
- indicated in new editions.This softcopy version is based on the printed
- edition of this book. Some formatting amendments have been made to make
- this information more suitable for softcopy.</P
-></DIV
-></DIV
-><HR></DIV
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
-><A
-HREF="f24.html"
->About This Guide</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="f24.html#HDRPREFAUDPUR"
->Audience and Purpose</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRPREFORGAN"
->Document Organization</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRUSERFRONTHOWTO"
->How To Use This Document</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRPREFRELATE"
->Related Documents</A
-></DT
-><DT
-><A
-HREF="f24.html#HDRTYPO_CONV"
->Typographical Conventions</A
-></DT
-></DL
-><BR></DD
-><DT
->1. <A
-HREF="c113.html"
->An Introduction to AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c113.html#HDRWQ3"
->AFS Concepts</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
-></DT
-><DT
-><A
-HREF="c113.html#Header_10"
->Distributed File Systems</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ4"
->AFS Filespace and Local Filespace</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ7"
->Volume Quotas</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c113.html#HDRWQ8"
->Using Files in AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c113.html#HDRWQ9"
->The Cache Manager</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ10"
->Updating Copies of Cached Files</A
-></DT
-><DT
-><A
-HREF="c113.html#Header_18"
->Multiple Users Modifying Files</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c113.html#HDRWQ11"
->AFS Security</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
-></DT
-><DT
-><A
-HREF="c113.html#Header_21"
->Access Control Lists</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c113.html#HDRWQ13"
->Differences Between UNIX and AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c113.html#HDRWQ14"
->File Sharing</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ15"
->Login and Authentication</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ16"
->File and Directory Protection</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ17"
->Machine Outages</A
-></DT
-><DT
-><A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
-></DT
-><DT
-><A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c113.html#HDRWQ19"
->Using AFS with NFS</A
-></DT
-></DL
-><BR></DD
-><DT
->2. <A
-HREF="c569.html"
->Using AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c569.html#HDRWQ21"
->Logging in and Authenticating with AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c569.html#HDRWQ22"
->Logging In</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_33"
->To Log In Using an AFS-modified Login Utility</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ23"
->To Log In Using a Two-Step Login Procedure</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ24"
->Authenticating with AFS</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_44"
->Example: Authenticating in the Local Cell</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_45"
->Example: Authenticating as a Another User</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_46"
->Example: Authenticating in a Foreign Cell</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ31"
->Limits on Failed Authentication Attempts</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ32"
->To Display Your Failed Authentication Limit and Lockout Time</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c569.html#HDRWQ33"
->Exiting an AFS Session</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c569.html#Header_50"
->To Discard Tokens</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_51"
->Example: Unauthenticating from a Specific Cell</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_52"
->To Log Out</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c569.html#HDRWQ34"
->Accessing the AFS Filespace</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c569.html#Header_54"
->AFS Pathnames</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_55"
->Example: Displaying the Contents of Another User's Directory</A
-></DT
-><DT
-><A
-HREF="c569.html#HDRWQ35"
->Accessing Foreign Cells</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c569.html#HDRWQ36"
->Changing Your Password</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_59"
->To Change Your AFS Password</A
-></DT
-><DT
-><A
-HREF="c569.html#Header_60"
->To Change Your UNIX Password</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->3. <A
-HREF="c1095.html"
->Displaying Information about AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1095.html#Header_63"
->To Display Percentage of Quota Used</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_64"
->Example: Displaying Percentage of Quota Used</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_66"
->Example: Display Quota and Other Information about a Volume</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_68"
->Example: Displaying Quota and Other Information about a Volume and Partition</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1095.html#HDRWQ40"
->Locating Files and Directories</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1095.html#Header_70"
->To Display a File or Directory's Location</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_71"
->Example: Displaying Directory Location</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server Machines</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1095.html#Header_73"
->To Check File Server Machine Status</A
-></DT
-><DT
-><A
-HREF="c1095.html#Header_74"
->Example: Checking Server Machine Status</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1095.html#HDRWQ42"
->Determining Access to Foreign Cells</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1095.html#Header_76"
->To Display Foreign Cells</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1095.html#HDRWQ43"
->Displaying Server Preference Ranks</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1095.html#Header_78"
->To Display Server Preference Ranks</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->4. <A
-HREF="c1444.html"
->Protecting Your Directories and Files</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#HDRWQ45"
->Access Control Lists</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#Header_81"
->Directory Level Access Control</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_85"
->The Eight Auxiliary Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_88"
->Setting DFS ACLs</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#Header_90"
->Enabling Access to Subdirectories</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_91"
->Extending Access to Service Processes</A
-></DT
-><DT
-><A
-HREF="c1444.html#HDRWQ51"
->Extending Access to Users from Foreign Cells</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ52"
->Displaying an ACL</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#HDRWQ53"
->To display an ACL</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_95"
->Example: Displaying the ACL on One Directory</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_96"
->Example: Displaying the ACLs on Multiple Directories</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_99"
->Example: Adding a Single ACL Entry</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_100"
->Example: Setting Several ACL Entries on One Directory</A
-></DT
-><DT
-><A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_102"
->Example: Setting an Entry in the Negative Permissions Section</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_103"
->Example: Restoring Access by Removing an Entry from the Negative Permissions Section</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#Header_105"
->To Replace an ACL Completely</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_106"
->Example: Replacing an ACL</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ58"
->Copying ACLs Between Directories</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#Header_108"
->To Copy an ACL Between Directories</A
-></DT
-><DT
-><A
-HREF="c1444.html#Header_109"
->Example: Copying an ACL from One Directory to Another</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c1444.html#Header_111"
->Example: Disabling Write Access for a File</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->5. <A
-HREF="c2454.html"
->Using Groups</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#HDRWQ61"
->About Groups</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
-></DT
-><DT
-><A
-HREF="c2454.html#HDRWQ63"
->Group Names</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_116"
->Group-creation Quota</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c2454.html#HDRWQ64"
->Displaying Group Information</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#HDRWQ65"
->To Display Group Membership</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_119"
->Example: Displaying the Members of a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_120"
->Example: Displaying the Groups to Which a User Belongs</A
-></DT
-><DT
-><A
-HREF="c2454.html#HDRWQ66"
->To Display the Groups a User or Group Owns</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_122"
->Example: Displaying the Groups a Group Owns</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_123"
->Example: Displaying the Groups a User Owns</A
-></DT
-><DT
-><A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_125"
->Example: Listing Information about a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_126"
->Example: Listing Group Information about a User</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c2454.html#HDRWQ68"
->Creating Groups and Adding Members</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#HDRWQ69"
->To Create a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_129"
->Example: Creating a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#HDRWQ70"
->To Add Members to a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_131"
->Example: Adding Members to a Group</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#Header_133"
->To Remove Members from a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_134"
->Example: Removing Group Members</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_135"
->To Delete a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_136"
->Example: Deleting a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_137"
->To Remove Obsolete ACL Entries</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_138"
->Example: Removing an Obsolete ACL Entry</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#HDRWQ73"
->To Change a Group's Owner</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_141"
->Example: Changing a Group's Owner to Another User</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_142"
->Example: Changing a Group's Owner to Itself</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_143"
->Example: Changing a Group's Owner to a Group</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_144"
->To Change a Group's Name</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_145"
->Example: Changing a Group's <VAR
-CLASS="replaceable"
->group_name</VAR
-> Suffix</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_146"
->Example: Changing a Group's <VAR
-CLASS="replaceable"
->owner_name</VAR
-> Prefix</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c2454.html#HDRPRIVACY-FLAGS"
->Interpreting the Privacy Flags</A
-></DT
-><DT
-><A
-HREF="c2454.html#HDRWQ75"
->To Set a Group's Privacy Flags</A
-></DT
-><DT
-><A
-HREF="c2454.html#Header_150"
->Example: Setting a Group's Privacy Flags</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->6. <A
-HREF="c3402.html"
->Troubleshooting</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
-></DT
-><DT
-><A
-HREF="c3402.html#HDRWQ78"
->Problem: Accidentally Removed Your Entry from an ACL</A
-></DT
-><DT
-><A
-HREF="c3402.html#HDRWQ79"
->Error Message: "afs: Lost contact with fileserver"</A
-></DT
-><DT
-><A
-HREF="c3402.html#Header_155"
->Error Message: "<VAR
-CLASS="replaceable"
->command</VAR
->: Connection timed out"</A
-></DT
-><DT
-><A
-HREF="c3402.html#Header_156"
->Error Message: "fs: You don't have the required access rights on '<VAR
-CLASS="replaceable"
->file</VAR
->'"</A
-></DT
-><DT
-><A
-HREF="c3402.html#Header_157"
->Error Message: "afs: failed to store file"</A
-></DT
-></DL
-><BR></DD
-><DT
->A. <A
-HREF="a3632.html"
->Using the NFS/AFS Translator</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3632.html#HDRWQ81"
->Requirements for Using the NFS/AFS Translator</A
-></DT
-><DT
-><A
-HREF="a3632.html#Header_160"
->Accessing AFS via the Translator</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3632.html#HDRWQ82"
->To Authenticate on a Supported Operating System</A
-></DT
-><DT
-><A
-HREF="a3632.html#HDRWQ83"
->To Authenticate on an Unsupported Operating System</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a3632.html#HDRWQ84"
->Troubleshooting the NFS/AFS Translator</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3632.html#HDRWQ85"
->Your NFS Client Machine is Frozen</A
-></DT
-><DT
-><A
-HREF="a3632.html#Header_165"
->NFS/AFS Translator Reboots</A
-></DT
-><DT
-><A
-HREF="a3632.html#Header_166"
->System Error Messages</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
->B. <A
-HREF="a3812.html"
->AFS Command Syntax and Online Help</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3812.html#Header_169"
->Command Syntax Example</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a3812.html#HDRWQ88"
->Rules for Using AFS Commands</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3812.html#Header_171"
->Spaces and Lines</A
-></DT
-><DT
-><A
-HREF="a3812.html#Header_172"
->Abbreviations and Aliases for Operation Codes</A
-></DT
-><DT
-><A
-HREF="a3812.html#Header_173"
->Omitting Argument Switches</A
-></DT
-><DT
-><A
-HREF="a3812.html#Header_174"
->Shortening Switches and Flags</A
-></DT
-><DT
-><A
-HREF="a3812.html#Header_175"
->Shortening Directory References</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a3812.html#Header_176"
->Commonly Used fs and pts Commands</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3812.html#Header_177"
->About the fs Commands</A
-></DT
-><DT
-><A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
-></DT
-></DL
-><BR></DD
-><DT
-><A
-HREF="a3812.html#HDRWQ89"
->Getting Help in AFS</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="a3812.html#Header_180"
->Displaying Command Syntax and Aliases</A
-></DT
-><DT
-><A
-HREF="a3812.html#Header_181"
->Displaying Operation Code Descriptions</A
-></DT
-></DL
-><BR></DD
-></DL
-><BR></DD
-><DT
-><A
-HREF="g4153.html"
->Glossary</A
-></DT
-><DT
-><A
-HREF="i4608.html"
->Index</A
-></DT
-></DL
-><BR></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="f24.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->About This Guide</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Displaying Information about AFS</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Using AFS"
-HREF="c569.html"><LINK
-REL="NEXT"
-TITLE="Protecting Your Directories and Files"
-HREF="c1444.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c569.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c1444.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ38"
-></A
->Chapter 3. Displaying Information about AFS</H1
-><P
->This chapter explains how to display information that can help you use AFS more effectively. It includes the following
- sections.
-
- <TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
-><A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
-></TD
-></TR
-><TR
-><TD
-><A
-HREF="c1095.html#HDRWQ40"
->Locating Files and Directories</A
->.</TD
-></TR
-><TR
-><TD
-><A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server Machines</A
-></TD
-></TR
-><TR
-><TD
-><A
-HREF="c1095.html#HDRWQ42"
->Determining Access to Foreign Cells</A
-></TD
-></TR
-><TR
-><TD
-><A
-HREF="c1095.html#HDRWQ43"
->Displaying Server Preference Ranks</A
-></TD
-></TR
-></TBODY
-></TABLE
->
-</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ39"
->Displaying Volume Quota</A
-></H1
-><P
->By convention, the files in your home directory are stored together in a single volume. (For information about volumes,
- see <A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
->.) To allocate your cell's available disk space as fairly as possible,
- your system administrators impose a size limit, or <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->quota</I
-></SPAN
->, on each volume. You cannot store more data in a
- volume than its quota allows. If a volume is close to its quota, you sometimes cannot save changes you have made to files stored
- in the volume.</P
-><P
->The amount of space available on the partition that houses the volume also limits how large the volume can grow. If the
- disk partition is full, you can become unable to save changes to a file even though the volume is not close to its quota.
- </P
-><P
->Check the quota on your home volume periodically to make sure you have adequate space. Also, if you encounter problems
- saving a file, check the quota of the volume in which the file is stored. Use the following commands to display volume
- quota.
-
- <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-> command lists the percentage of the volume quota used.</P
-></LI
-><LI
-><P
->Both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> commands list
- the volume name, its maximum size (quota), and its current size. They also report the following additional
- information.
-
- <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> command lists the percentage used of both the volume and the
- partition.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command lists the partition's size, the amount of space currently
- used, and any messages associated with the volume.</P
-></LI
-></UL
->
-</P
-></LI
-></UL
->
-</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_63"
->To Display Percentage of Quota Used</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-> command to display the percentage of the quota currently used for
- the volume that contains a specified directory or file.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->><SUP
->+</SUP
->]
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> specifies the pathname of a file or directory in each volume for which to
- display quota information. If you do not provide a pathname, the output reports quota information for the volume that contains
- the current working directory.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_64"
->Example: Displaying Percentage of Quota Used</A
-></H2
-><P
-> The following example displays the percentage of quota used for the volumes that contain two user
- home directories in the ABC Corporation cell.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /afs/abc.com/usr</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs quota terry pat</B
-></SPAN
->
- 34% of quota used.
- 85% of quota used.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_65"
->To Display Quota and Other Information about a Volume</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> command to display the following information:
-
- <UL
-><LI
-><P
->The name of the volume that houses each specified file or directory</P
-></LI
-><LI
-><P
->The quota, expressed as a number of kilobytes (<SAMP
-CLASS="computeroutput"
->1024</SAMP
-> indicates one megabyte)</P
-></LI
-><LI
-><P
->The current size of the volume (the number of kilobytes of currently used)</P
-></LI
-><LI
-><P
->The percentage of the quota used</P
-></LI
-><LI
-><P
->The percentage of space used on the disk partition housing the volume</P
-></LI
-></UL
->
-</P
-><P
->The command's syntax is as follows.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->><SUP
->+</SUP
->]
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> specifies the pathname of a file or directory in each volume for which to
- display quota information. If you do not provide a pathname, the output reports quota information for the volume that contains
- the current working directory.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_66"
->Example: Display Quota and Other Information about a Volume</A
-></H2
-><P
->The following example displays quota information about the volume that houses the home directory of user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota ~terry</B
-></SPAN
->
- Volume Name Quota Used % Used Partition
- user.terry 10000 3400 34% 86%
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command to display the following information about a volume and
- the partition it resides on:
-
- <UL
-><LI
-><P
->The volume's ID number (abbreviated in the output as <SAMP
-CLASS="computeroutput"
->vid</SAMP
->)</P
-></LI
-><LI
-><P
->The volume name</P
-></LI
-><LI
-><P
->The volume's quota and current size, in kilobytes</P
-></LI
-><LI
-><P
->The number of kilobyte blocks available on the disk partition housing the volume and the total size of that
- partition</P
-></LI
-><LI
-><P
->An <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->off-line message</I
-></SPAN
-> associated with the volume, if any, as set by a system administrator</P
-></LI
-></UL
->
-</P
-><P
->The command's syntax is as follows.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->><SUP
->+</SUP
->]
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> specifies the pathname of a file or directory in each volume for which to
- display quota information. If you do not provide a pathname, the output reports quota information for the volume that contains
- the current working directory.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_68"
->Example: Displaying Quota and Other Information about a Volume and Partition</A
-></H2
-><P
->The following example displays quota and other information about the volume that houses the current working
- directory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
->
- Volume status for vid = 536871122 named user.terry
- Current disk quota is 10000
- Current blocks used are 5745
- The partition has 1593 blocks available out of 99162
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ40"
->Locating Files and Directories</A
-></H1
-><P
->Normally, you do not need to know which file server machine stores the volume containing a file or directory. Given the
- pathname to a file, the Cache Manager on your client machine automatically accesses the appropriate server machine.</P
-><P
->If you become unable to access a file, however, it can be useful to know which file server machine houses it. You can then
- check whether the File Server process or machine is functioning correctly, as described in <A
-HREF="c1095.html#HDRWQ41"
->Checking the
- Status of Server Machines</A
->. Or, if your system administrators schedule downtime for a machine, you can learn whether the
- outage is likely to prevent you from accessing certain files.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_70"
->To Display a File or Directory's Location</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> command to display the file server machine on which a file or
- directory is stored.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->><SUP
->+</SUP
->]
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> specifies the pathname of each file or directory for which you want
- location information. If you do not provide a pathname, the output reports the machine housing the volume that contains the
- current working directory.</P
-><P
->If the output mentions more than one machine, there is a copy of the volume at each site (the volume is
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->replicated</I
-></SPAN
->). Your system administrators can choose to replicate volumes that contain information many
- people need to use, both for load balancing reasons and to make the information available even if there is an outage on one
- machine that houses the volume.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_71"
->Example: Displaying Directory Location</A
-></H2
-><P
->The following example displays the names of the server machines that house the home volumes for users <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /afs/abc.com/usr</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis terry pat</B
-></SPAN
->
- File /afs/abc.com/usr/terry is on host fs2.abc.com
- File /afs/abc.com/usr/pat is on host fs3.abc.com
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ41"
->Checking the Status of Server Machines</A
-></H1
-><P
->Sometimes one or more server machines in your cell become inaccessible due to hardware problems, software problems, or
- routine maintenance. During the outage, you cannot access files stored on those machines or save any changes you have made to
- files that are stored on those machines. (Your Cache Manager possibly has copies of the files stored locally, which you can
- still work with.)</P
-><P
->To check the status of server machines, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command. If a server
- machine has more than one network interface address (is <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->multihomed</I
-></SPAN
->), the Cache Manager sends the
- status-checking message to all of the machine's interfaces. If at least one of the server's interfaces replies, the command's
- output reports the machine as accessible. If there is no reply from any of the interfaces, the output reports the machine as
- inaccessible but displays only one of the interfaces (usually the one with the best preference rank; see <A
-HREF="c1095.html#HDRWQ43"
->Displaying Server Preference Ranks</A
->).</P
-><P
->To check the status of different groups of server machines, combine the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
->
- command's options as indicated:
-
- <UL
-><LI
-><P
->To check file server machines in the local cell only, do not include any options</P
-></LI
-><LI
-><P
->To check file server machines in a particular foreign cell only, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
->
- argument</P
-></LI
-><LI
-><P
->To check every file server machine that your Cache Manager has contacted in any cell, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag</P
-></LI
-></UL
->
-</P
-><P
->It can take several minutes for the command shell prompt to return, because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
->
- command interpreter waits a timeout period before concluding that an unresponsive machine is really inaccessible. To have the
- command shell prompt return immediately, add the ampersand (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->&</B
-></SPAN
->), which runs the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command in the background.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_73"
->To Check File Server Machine Status</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command to check the status of file server machines.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell to check</VAR
->>] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->&</B
-></SPAN
->]
-</PRE
-><P
->where
-
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-></DT
-><DD
-><P
->Names each cell for which to check server machine status. Do not combine this argument and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-> flag.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-all</B
-></SPAN
-></DT
-><DD
-><P
->Checks the status of all server machines. Do not combine this flag and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
->
- argument.</P
-></DD
-></DL
-></DIV
->
-</P
-><P
->The following message indicates that all server machines replied to the Cache Manager's status-checking message:</P
-><PRE
-CLASS="programlisting"
-> All servers are running.
-</PRE
-><P
->Otherwise, a message like the following lists the inaccessible machines:</P
-><PRE
-CLASS="programlisting"
-> These servers unavailable due to network or server problems: <VAR
-CLASS="replaceable"
->list of machines</VAR
->.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_74"
->Example: Checking Server Machine Status</A
-></H2
-><P
->The following example checks the status of every file server machine the Cache Manager has contacted in any cell. Two
- machines are not responding.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers -all &</B
-></SPAN
->
- These servers unavailable due to network or server problems:
- fs1.abc.com server7.stateu.edu.
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ42"
->Determining Access to Foreign Cells</A
-></H1
-><P
->The Cache Manager maintains a list of foreign cells that it knows how to reach. A cell must appear in the list for you to
- access its AFS filespace. (In addition, the ACL on each directory in the pathname to the file must grant you the necessary
- permissions, and your system administrator must mount the cell in the local AFS filespace--by convention, just under the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory.)</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_76"
->To Display Foreign Cells</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listcells</B
-></SPAN
-> command to display the cells you can access from this client
- machine. It can take several minutes for the command shell prompt to return. The Cache Manager stores the machines as IP
- addresses, but has the addresses translated to names before displaying them. To have the command shell prompt return
- immediately, use the ampersand (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->&</B
-></SPAN
->) to run the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listcells</B
-></SPAN
-> command in the background as in the following example.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listcells &</B
-></SPAN
->
- Cell abc.com on hosts
- db1.abc.com
- db2.abc.com
- db3.abc.com
- Cell test.abc.com on hosts
- test4.abc.com.
- Cell stateu.edu on hosts
- sv5.stateu.edu.
- sv2.stateu.edu.
- sv11.stateu.edu.
- Cell def.com on hosts
- serverA.def.com
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ43"
->Displaying Server Preference Ranks</A
-></H1
-><P
->The Cache Manager stores a list of preference ranks for file server machines. When it needs to access a file or directory,
- the Cache Manager compares the ranks of the file server machines that house the relevant volume. It first tries to access the
- volume on the machine with the best rank. (If a file server machine is multihomed--has more than one network interface--the
- Cache Manager actually assigns a separate rank to each interface.)</P
-><P
->The Cache Manager assigns a default rank to a file server machine interface by comparing its own IP address to the
- interface's IP address. It assigns a better rank to interfaces that are on its own subnetwork or network than to interfaces on
- other networks. Therefore, the ranks bias the Cache Manager to fetch files from file server machines that are close in terms of
- network distance, which tends to reduce network traffic and help the Cache Manager deliver data to applications more
- quickly.</P
-><P
->The Cache Manager stores each rank as a pairing of a file server machine interface's IP address and an integer rank from
- the range <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->0</B
-></SPAN
-> to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->65,534</B
-></SPAN
->. A lower number is a better rank. To
- display the server preference ranks on the local client machine, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
->
- command.</P
-><P
->The Cache Manager stores a separate but similar set of ranks for Volume Location (VL) Servers, which tell the Cache
- Manager the location of volumes that house files and directories. To display those ranks, add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> command.</P
-><P
->If the default ranks do not seem to result in the best performance, your system administrator can change them. Ask your
- system administrator about the ranks if appropriate.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_78"
->To Display Server Preference Ranks</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> command to display the file server machine preference ranks
- used by the Cache Manager on the local machine. To display VL Server ranks, add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
-> flag. By default, the Cache Manager has the IP address of each interface translated into a
- hostname before displaying it. To bypass the translation and display IP addresses, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
-> flag. This can significantly speed up the command's output.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-vlservers</B
-></SPAN
->]
-</PRE
-><P
->The following example displays the file server machine preference ranks for a client machine in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> cell. The ranks of the file server machines in that cell are lower than the ranks of the file
- server machines from the foreign cell, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->def.com</B
-></SPAN
->. Because the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-numeric</B
-></SPAN
-> flag is not used, the output displays hostnames. The appearance of an IP address for two
- machines indicates that translating them was not possible.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs getserverprefs</B
-></SPAN
->
- fs2.abc.com 20007
- fs3.abc.com 30002
- fs1.abc.com 20011
- fs4.abc.com 30010
- server1.def.com 40002
- 192.12.105.34 40000
- server6.def.com 40012
- 192.12.105.37 40005
-</PRE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c569.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c1444.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Using AFS</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Protecting Your Directories and Files</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->An Introduction to AFS</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="About This Guide"
-HREF="f24.html"><LINK
-REL="NEXT"
-TITLE="Using AFS"
-HREF="c569.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="f24.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c569.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ2"
-></A
->Chapter 1. An Introduction to AFS</H1
-><P
->This chapter introduces basic AFS concepts and terms. It assumes that you are already familiar with standard UNIX commands,
- file protection, and pathname conventions.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ3"
->AFS Concepts</A
-></H1
-><P
->AFS makes it easy for people to work together on the same files, no matter where the files are located. AFS users do not
- have to know which machine is storing a file, and administrators can move files from machine to machine without interrupting
- user access. Users always identify a file by the same pathname and AFS finds the correct file automatically, just as happens in
- the local file system on a single machine. While AFS makes file sharing easy, it does not compromise the security of the shared
- files. It provides a sophisticated protection scheme. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_9"
->Client/Server Computing</A
-></H2
-><P
->AFS uses a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->client/server computing</I
-></SPAN
-> model. In client/server computing, there are two types of
- machines. <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Server machines</I
-></SPAN
-> store data and perform services for client machines. <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Client
- machines</I
-></SPAN
-> perform computations for users and access data and services provided by server machines. Some machines act
- as both clients and servers. In most cases, you work on a client machine, accessing files stored on a file server machine.
- </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_10"
->Distributed File Systems</A
-></H2
-><P
->AFS is a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->distributed file system</I
-></SPAN
-> which joins together the file systems of multiple file server
- machines, making it as easy to access files stored on a remote file server machine as files stored on the local disk. A
- distributed file system has two main advantages over a conventional centralized file system:
-
- <UL
-><LI
-><P
->Increased availability: A copy of a popular file, such as the binary for an application program, can be stored on
- many file server machines. An outage on a single machine or even multiple machines does not necessarily make the file
- unavailable. Instead, user requests for the program are routed to accessible machines. With a centralized file system, the
- loss of the central file storage machine effectively shuts down the entire system.</P
-></LI
-><LI
-><P
->Increased efficiency: In a distributed file system, the work load is distributed over many smaller file server
- machines that tend to be more fully utilized than the larger (and usually more expensive) file storage machine of a
- centralized file system.</P
-></LI
-></UL
->
-</P
-><P
->AFS hides its distributed nature, so working with AFS files looks and feels like working with files stored on your local
- machine, except that you can access many more files. And because AFS relies on the power of users' client machines for
- computation, increasing the number of AFS users does not slow AFS performance appreciably, making it a very efficient
- computing environment.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ4"
->AFS Filespace and Local Filespace</A
-></H2
-><P
->AFS acts as an extension of your machine's local UNIX file system. Your system administrator creates a directory on the
- local disk of each AFS client machine to act as a gateway to AFS. By convention, this directory is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->, and it functions as the root of the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->AFS filespace</I
-></SPAN
->.
- </P
-><P
->Just like the UNIX file system, AFS uses a hierarchical file structure (a tree). Under the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> root directory are subdirectories created by your system administrator, including your home
- directory. Other directories that are at the same level of the local file system as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
->,
- such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/usr</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin</B
-></SPAN
->, can either be located on your local disk or be links to AFS directories. Files relevant only to
- the local machine are usually stored on the local machine. All other files can be stored in AFS, enabling many users to share
- them and freeing the local machine's disk space for other uses.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->You can use AFS commands only on files in the AFS filespace or the local directories that are links to the AFS
- filespace.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ5"
->Cells and Sites</A
-></H2
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cell</I
-></SPAN
-> is the administrative domain in AFS. Each cell's administrators determine how client
- machines are configured and how much storage space is available to each user. The organization corresponding to a cell can be
- a company, a university department, or any defined group of users. From a hardware perspective, a cell is a grouping of client
- machines and server machines defined to belong to the same cell. An AFS <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->site</I
-></SPAN
-> is a
- grouping of one or more related cells. For example, the cells at the ABC Corporation form a single site. </P
-><P
->By convention, the subdirectories of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory are cellular filespaces, each
- of which contains subdirectories and files that belong to a single cell. For example, directories and files relevant to the
- ABC Corporation cell are stored in the subdirectory <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
->.</P
-><P
->While each cell organizes and maintains its own filespace, it can also connect with the filespace of other AFS cells.
- The result is a huge filespace that enables file sharing within and across cells. </P
-><P
->The cell to which your client machine belongs is called your <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->local cell</I
-></SPAN
->. All other cells in the AFS
- filespace are termed <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->foreign cells</I
-></SPAN
->. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ6"
->Volumes and Mount Points</A
-></H2
-><P
->The storage disks in a computer are divided into sections called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->partitions</I
-></SPAN
->. AFS further divides
- partitions into units called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->volumes</I
-></SPAN
->, each of which houses a subtree of related files and directories.
- The volume provides a convenient container for storing related files and directories. Your system administrators can move
- volumes from one file server machine to another without your noticing, because AFS automatically tracks a volume's location.
- </P
-><P
->You access the contents of a volume by accessing its <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mount point</I
-></SPAN
-> in the AFS filespace. A mount
- point is a special file system element that looks and acts like a regular UNIX directory, but tells AFS the volume's name.
- When you change to a different directory (by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd</B
-></SPAN
-> command, for example) you sometimes
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->cross</I
-></SPAN
-> a mount point and start accessing the contents of a different volume than before. You normally do
- not notice the crossing, however, because AFS automatically interprets mount points and retrieves the contents of the new
- directory from the appropriate volume. You do not need to track which volume, partition, or file server machine is housing a
- directory's contents. If you are interested, though, you can learn a volume's location; for instructions, see <A
-HREF="c1095.html#HDRWQ40"
->Locating Files and Directories</A
->. </P
-><P
->If your system administrator has followed the conventional practice, your home directory corresponds to one volume,
- which keeps its contents together on one partition of a file server machine. User volumes are typically named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.</B
-></SPAN
-><VAR
-CLASS="replaceable"
->username</VAR
->. For example, the volume for a user named <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> in the cell <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith</B
-></SPAN
-> and is mounted at the directory <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr/smith</B
-></SPAN
->.
- </P
-><P
->Because AFS volumes are stored on different file server machines, when a machine becomes unavailable only the volumes on
- that machine are inaccessible. Volumes stored on other machines are still accessible. However, if a volume's mount point
- resides in a volume that is stored on an unavailable machine, the former volume is also inaccessible. For that reason, volumes
- containing frequently used directories (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->cellname</VAR
->) are often copied and distributed to many file server
- machines.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ7"
->Volume Quotas</A
-></H2
-><P
->Each volume has a size limit, or <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->quota</I
-></SPAN
->, assigned by the system administrator. A volume's quota
- determines the maximum amount of disk space the volume can consume. If you attempt to exceed a volume's quota, you receive an
- error message. For instructions on checking volume quota, see <A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
->.</P
-><P
->Volumes have completely independent quotas. For example, say that the current working directory is <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr/smith</B
-></SPAN
->, which is the mount point for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.smith</B
-></SPAN
->
- volume with 1000 free blocks. You try to copy a 500 block file from the current working directory to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr/pat</B
-></SPAN
-> directory, the mount point for the volume <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.pat</B
-></SPAN
->. However, you get an error message saying there is not enough space. You check the volume
- quota for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->user.pat</B
-></SPAN
->, and find that the volume only has 50 free blocks.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ8"
->Using Files in AFS</A
-></H1
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ9"
->The Cache Manager</A
-></H2
-><P
->You can access the AFS filespace only when working on an AFS client machine. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Cache Manager</I
-></SPAN
-> on
- that machine is your agent in accessing information stored in the AFS filespace. When you access a file, the Cache Manager on
- your client machine requests the file from the appropriate file server machine and stores (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->caches</I
-></SPAN
->) a copy
- of it on your client machine's local disk. Application programs on your client machine use the local, cached copy of the file.
- This improves performance because it is much faster to use a local file than to send requests for file data across the network
- to the file server machine. </P
-><P
->Because application programs use the cached copy of a file, any changes you make are not necessarily stored permanently
- to the central version stored on the file server machine until the file closes. At that point, the Cache Manager writes your
- changes back to the file server machine, where they replace the corresponding parts of the existing file. Some application
- programs close a file in this way each time you issue their <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->save</B
-></SPAN
-> command (and then
- immediately reopen the file so that you can continue working). With other programs, issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->save</B
-></SPAN
-> command writes the changes only to the local cached copy. If you use the latter type of text
- editor, you need to close the file periodically to make sure your changes are stored permanently.</P
-><P
->If a file server machine becomes inaccessible, you can continue working with the local, cached copy of a file fetched
- from that machine, but you cannot save your changes permanently until the server machine is again accessible.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ10"
->Updating Copies of Cached Files</A
-></H2
-><P
->When the central version of a file changes on the file server machine, the AFS <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->File Server</I
-></SPAN
-> process
- running on that machine advises all other Cache Managers with copies of that file that their version is no longer valid. AFS
- has a special mechanism for performing these notifications efficiently. When the File Server sends the Cache Manager a copy of
- a modifiable file, it also sends a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->callback</I
-></SPAN
->. A callback functions as a promise from the File Server to
- contact the Cache Manager if the centrally stored copy of the file is changed while it is being used. If that happens, the
- File Server <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->breaks</I
-></SPAN
-> the callback. If you run a program that requests data from the changed file, the Cache
- Manager notices the broken callback and gets an updated copy of the file from the File Server. Callbacks ensure that you are
- working with the most recent copy of a file.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The callback mechanism does not guarantee that you immediately see the changes someone else makes to a file you are
- using. Your Cache Manager does not notice the broken callback until your application program asks it for more data from the
- file.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_18"
->Multiple Users Modifying Files</A
-></H2
-><P
->Like a standard UNIX file system, AFS preserves only the changes to a file that are saved last, regardless of who made
- the changes. When collaborating with someone on the same files, you must coordinate your work to avoid overwriting each
- other's changes. You can use AFS access control lists (ACLs) to limit the ability of other users to access or change your
- files, and so prevent them from accidentally overwriting your files. See <A
-HREF="c1444.html"
->Protecting Your Directories
- and Files</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ11"
->AFS Security</A
-></H1
-><P
->AFS makes it easy for many users to access the same files, but also uses several mechanisms to ensure that only authorized
- users access the AFS filespace. The mechanisms include the following:
-
- <UL
-><LI
-><P
->Passwords and mutual authentication ensure that only authorized users access AFS filespace</P
-></LI
-><LI
-><P
->Access control lists enable users to restrict or permit access to their own directories</P
-></LI
-></UL
->
-</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ12"
->Passwords and Mutual Authentication</A
-></H2
-><P
->AFS uses two related mechanisms to ensure that only authorized users access the filespace: passwords and mutual
- authentication. Both mechanisms require that a user prove his or her identity.</P
-><P
->When you first identify yourself to AFS, you must provide the password associated with your username, to prove that you
- are who you say you are. When you provide the correct password, you become <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->authenticated</I
-></SPAN
-> and your Cache
- Manager receives a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->token</I
-></SPAN
->. A token is a package of information that is scrambled by an AFS authentication
- program using your AFS password as a key. Your Cache Manager can unscramble the token because it knows your password and AFS's
- method of scrambling. </P
-><P
->The token acts as proof to AFS server programs that you are authenticated as a valid AFS user. It serves as the basis
- for the second means through which AFS creates security, called <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->mutual authentication</I
-></SPAN
->. Under mutual
- authentication, both parties communicating across the network prove their identities to one another. AFS requires mutual
- authentication whenever a server and client (most often, a Cache Manager) communicate with each other.</P
-><P
->The mutual authentication protocol that AFS uses is designed to make it very difficult for people to authenticate
- fraudulently. When your Cache Manager contacts a File Server on your behalf, it sends the token you obtained when you
- authenticated. The token is encrypted with a key that only an AFS File Server can know. If the File Server can decrypt your
- token, it can communicate with your Cache Manager. In turn, the Cache Manager accepts the File Server as genuine because the
- File Server can decrypt and use the information in the token. </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_21"
->Access Control Lists</A
-></H2
-><P
->AFS uses <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control lists</I
-></SPAN
-> (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->ACLs</I
-></SPAN
->) to determine who can access the
- information in the AFS filespace. Each AFS directory has an ACL to specify what actions different users can perform on that
- directory and its files. An ACL can contain up to about 20 entries for users, groups, or both; each entry lists a user or
- group and the permissions it possesses.</P
-><P
->The owner of a directory and system administrators can always administer an ACL. Users automatically own their home
- directories and subdirectories. Other non-owner users can define a directory's ACL only if specifically granted that
- permission on the ACL. For more information on ACLs, see <A
-HREF="c1444.html"
->Protecting Your Directories and Files</A
->
- .</P
-><P
->A group is composed of one or more users and client machines. If a user belongs to a group that appears on an ACL, the
- user gets all of the permissions granted to that group, just as if the user were listed directly on the ACL. Similarly, if a
- user is logged into a client machine that belongs to a group, the user has all of the permissions granted to that group. For
- instructions on defining and using groups, see <A
-HREF="c2454.html"
->Using Groups</A
->.</P
-><P
->All users who can access your cell's filespace, authenticated or not, are automatically assigned to a group called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
->. For a discussion of placing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on ACLs, see <A
-HREF="c1444.html#HDRWQ51"
->Extending Access to Users from Foreign
- Cells</A
->.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->You can use the UNIX mode bits to control access on specific files within an AFS directory; however, the effect of
- these mode bits is different under AFS than in the standard UNIX file system. See <A
-HREF="c113.html#HDRWQ16"
->File and Directory
- Protection</A
->.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ13"
->Differences Between UNIX and AFS</A
-></H1
-><P
->AFS is designed to be similar to the UNIX file system. For instance, many of the basic UNIX file manipulation commands
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cp</B
-></SPAN
-> for copy, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rm</B
-></SPAN
-> for remove, and so on) are the same in AFS as
- they are as in UNIX. All of your application programs work as they did before. The following sections describe some of the
- differences between a standard UNIX file system and AFS.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ14"
->File Sharing</A
-></H2
-><P
->AFS enables users to share remote files as easily as local files. To access a file on a remote machine in AFS, you
- simply specify the file's pathname. In contrast, to access a file in a remote machine's UNIX file system, you must log into
- the remote machine or create a mount point on the local machine that points to a directory in the remote machine's UNIX file
- system.</P
-><P
->AFS users can see and share all the files under the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> root directory, given the
- appropriate privileges. An AFS user who has the necessary privileges can access a file in any AFS cell, simply by specifying
- the file's pathname. File sharing in AFS is not restricted by geographical distances or operating system differences.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ15"
->Login and Authentication</A
-></H2
-><P
->To become an authenticated AFS user, you need to provide a password to AFS.
-
- <UL
-><LI
-><P
->On machines that use an AFS-modified login utility, logging in is a one-step process; your initial login
- automatically authenticates you with AFS.</P
-></LI
-><LI
-><P
->On machines that do not use an AFS-modified login utility, you must perform two steps.
-
- <OL
-TYPE="1"
-><LI
-><P
->Log in to your local machine.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
->
- argument to authenticate with AFS and get your token.</P
-></LI
-></OL
->
-</P
-></LI
-></UL
->
-</P
-><P
->Your system administrator can tell you whether your machine uses an AFS-modified login utility or not. Then see the
- login instructions in <A
-HREF="c569.html#HDRWQ21"
->Logging in and Authenticating with AFS</A
->.</P
-><P
->AFS authentication passwords are stored in special AFS database, rather than in the local password file (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/etc/passwd</B
-></SPAN
-> or equivalent). If your machine uses an AFS-modified login utility, you can change your
- password with a single command. If your machine does not use an AFS-modified login utility, you must issue separate commands
- to change your AFS and local passwords. See <A
-HREF="c569.html#HDRWQ36"
->Changing Your Password</A
->.
- </P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ16"
->File and Directory Protection</A
-></H2
-><P
->AFS does not rely on the mode bit protections of a standard UNIX system (though its protection system does interact with
- these mode bits). Instead, AFS uses an access control list (ACL) to control access to each directory and its contents. The
- following list summarizes the differences between the two methods:
-
- <UL
-><LI
-><P
->UNIX mode bits specify three types of access permissions: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->x</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->execute</B
-></SPAN
->). An AFS ACL uses seven types of permissions: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lock</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->). For more information, see <A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
-> and <A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode
- Bits</A
->.</P
-></LI
-><LI
-><P
->The three sets of mode bits on each UNIX file or directory enable you to grant permissions to three users or groups
- of users: the file or directory's owner, the group that owns the file or directory, and all other users. An ACL can
- accommodate up to about 20 entries, each of which extends certain permissions to a user or group. Unlike standard UNIX, a
- user can belong to an unlimited number of groups, and groups can be defined by both users and system administrators. See
- <A
-HREF="c2454.html"
->Using Groups</A
->.</P
-></LI
-><LI
-><P
->UNIX mode bits are set individually on each file and directory. An ACL applies to all of the files in a directory.
- While at first glance the AFS method possibly seems less precise, in actuality (given a proper directory structure) there
- are no major disadvantages to directory-level protections and they are easier to establish and maintain.</P
-></LI
-></UL
->
-</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ17"
->Machine Outages</A
-></H2
-><P
->The kinds of failures you experience when a standard UNIX file system goes down are different than when one or more
- individual AFS file server machines become unavailable. When a standard UNIX file system is inaccessible, the system simply
- locks up and you can lose changes to any files with which you were working.</P
-><P
->When an AFS file server machine becomes inaccessible, you cannot access the files on that machine. If a copy of the file
- is available from another file server machine, however, you do not necessarily even notice the server outage. This is because
- AFS gives your cell's system administrators the ability to store copies of popular programs on multiple file servers. The
- Cache Manager chooses between the copies automatically; when one copy becomes unavailable, the Cache Manager simply chooses
- another.</P
-><P
->If there are no other copies of a file that is stored on an inaccessible server machine, you can usually continue to use
- the copy stored in your client machine's local AFS cache. However, you cannot save changes to files stored on an inaccessible
- file server machine until it is accessible again.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ18"
->Remote Commands</A
-></H2
-><P
->
- The UNIX <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->remote commands</I
-></SPAN
-> enable you
- to run programs on a remote machine without establishing a connection to it by using a program such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
->. Many of the remote commands (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ftp</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rsh</B
-></SPAN
->) remain available in AFS, depending on how your
- administrators have configured them. If the remote machine has a Cache Manager, your token is used there also and you are
- authenticated while the remote command runs. If the remote machine does not run a Cache Manager, you receive the following
- message:</P
-><PRE
-CLASS="programlisting"
-> Warning: unable to authenticate.
-</PRE
-><P
->In this case, you are logged into the remote machine's UNIX file system, but you are not authenticated to AFS. You can
- access the local files on the remote machine and the AFS directories that grant access to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group, but you cannot access protected AFS directories.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
-></H2
-><P
->This section summarizes differences in the functionality of some commonly issued UNIX commands.
-
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod </B
-></SPAN
-></DT
-><DD
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can use this command to turn on
- the setuid, setgid or sticky mode bits on AFS files. (For more information about this group, see <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->.)</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chown </B
-></SPAN
-></DT
-><DD
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue this command on AFS
- files.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chgrp </B
-></SPAN
-></DT
-><DD
-><P
->Only members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can issue this command on AFS
- files and directories.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->groups </B
-></SPAN
-></DT
-><DD
-><P
->If the user's AFS tokens are identified by a process authentication group (PAG), the output of this command
- includes two large numbers. For a description of PAGs, see <A
-HREF="c569.html#HDRWQ24"
->Authenticating with
- AFS</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->inetd </B
-></SPAN
-></DT
-><DD
-><P
->The AFS version of this daemon authenticates remote issuers of the AFS-modified <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rcp</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rsh</B
-></SPAN
-> commands with AFS.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->login utilities </B
-></SPAN
-></DT
-><DD
-><P
->AFS-modified login utilities both log you into the local UNIX file system and authenticate you with AFS.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ln </B
-></SPAN
-></DT
-><DD
-><P
->You cannot use this command to create a hard link between files that reside in different AFS directories. You must
- add the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-s</B
-></SPAN
-> option to create a symbolic link instead.</P
-></DD
-></DL
-></DIV
->
-</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ19"
->Using AFS with NFS</A
-></H1
-><P
->Some cells use the Networking File System (NFS) in addition to AFS. If you work on an NFS client machine, your system
- administrator can configure it to access the AFS filespace through a program called the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->NFS/AFS
- Translator</I
-></SPAN
-><SUP
->TM</SUP
->. See <A
-HREF="a3632.html"
->Appendix A, Using the NFS/AFS
- Translator</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="f24.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c569.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->About This Guide</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Using AFS</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Protecting Your Directories and Files</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Displaying Information about AFS"
-HREF="c1095.html"><LINK
-REL="NEXT"
-TITLE="Using Groups"
-HREF="c2454.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c1095.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c2454.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ44"
-></A
->Chapter 4. Protecting Your Directories and Files</H1
-><P
->This chapter explains how to protect AFS files and directories by defining permissions on an access control list.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ45"
->Access Control Lists</A
-></H1
-><P
->AFS augments and refines the standard UNIX scheme for controlling access to files and directories. Instead of using mode
- bits to define access permissions for individual files, as UNIX does, AFS stores an <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->access control list</I
-></SPAN
->
- (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->ACL</I
-></SPAN
->) with each directory. It defines which users and groups can access the directory and the files it
- contains, and in what manner. An ACL can store up to about 20 entries, each of which pairs a user or group and a set of
- permissions. AFS defines seven permissions rather than the three that UNIX uses.</P
-><P
->Another refinement to the standard UNIX protection scheme is that users can define their own protection
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->groups</I
-></SPAN
-> and then place the groups on ACLs as though they were individual users. A group can include both
- users and machines. Each user who belongs to a group inherits all of the permissions granted to the group on the ACL. Similarly,
- all users who are logged into a machine that belongs to a group inherits all of the permissions granted to the group. You can
- create groups to place on ACLs and also use groups that other users have created. To learn more about group creation, see <A
-HREF="c2454.html"
->Using Groups</A
->.</P
-><P
->In addition, AFS defines two system groups called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
->. By placing them on ACLs, you can grant access to large numbers of users at once. See
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->.</P
-><P
->Although AFS uses ACLs to protect files and directories, it also uses the UNIX mode bits to a limited extent. See <A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_81"
->Directory Level Access Control</A
-></H2
-><P
->As noted, AFS associates an ACL with each directory, and it applies to all of the files stored in the directory. Files
- do not have separate ACLs. Defining access at the directory level has several consequences: <UL
-><LI
-><P
->The permissions on a directory's ACL apply to all of the files in the directory. When you move a file to a
- different directory, you effectively change its permissions to those on its new directory's ACL. Changing a directory's
- ACL changes the protection on all the files in it.</P
-></LI
-><LI
-><P
->When you create a subdirectory, it inherits the current ACL of its parent directory. You can then set the
- subdirectory's ACL to be different from its parent's. However, do not make the ACL on the parent directory more
- restrictive than on a subdirectory, because that can prevent users from accessing the subdirectory even when they have
- the necessary permissions on its ACL. Specifically, a user must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission (defined in <A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
->) on the
- parent directory to reach its subdirectories. </P
-></LI
-></UL
-></P
-><P
->As a general rule, it makes sense to grant fairly liberal access to your home directory. If you need to protect certain
- files more closely, place them in subdirectories that have more restrictive ACLs.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ46"
->The AFS ACL Permissions</A
-></H1
-><P
->There are seven standard AFS ACL permissions. Functionally, they fall into two groups: one that applies to the directory
- itself and one that applies to the files.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ47"
->The Four Directory Permissions</A
-></H2
-><P
->The four permissions in this group are meaningful with respect to the directory itself. For example, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) permission does not control addition of data to a file, but
- rather creation of a new file or subdirectory. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The l (lookup) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission functions as something of a gate keeper for access to the directory and its files, because a
- user must have it in order to exercise any other permissions. In particular, a user must have this permission to
- access anything in the directory's subdirectories. </P
-><P
->This permission enables a user to issue the following commands: <UL
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command to list the names of the files and subdirectories in the
- directory</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command to obtain complete status information for the
- directory element itself</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command to examine the directory's ACL</P
-></LI
-></UL
-></P
-><P
->This permission does not enable a user to read the contents of a file in the directory or to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> commands with a filename as the argument.
- Those operations require the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission,
- which is described in <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->.</P
-><P
->Similarly, this permission does not enable a user to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
->, or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- commands against a subdirectory of the directory. Those operations require the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->
- permission on the ACL of the subdirectory itself.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The i (insert) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to add new files to the directory, either by creating or copying, and to create
- new subdirectories. It does not extend into any subdirectories, which are protected by their own ACLs. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The d (delete) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to remove files and subdirectories from the directory or move them into other
- directories (assuming that the user has the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> permission on the ACL of the other
- directories). </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The a (administer) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to change the directory's ACL. Members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group implicitly have this permission on every directory (that is, even
- if that group does not appear on the ACL). Similarly, the owner of a directory implicitly has this permission on its
- ACL and those of all directories below it. </P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ48"
->The Three File Permissions</A
-></H2
-><P
->The three permissions in this group are meaningful with respect to files in a directory, rather than the directory
- itself or its subdirectories. <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The r (read) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to read the contents of files in the directory and to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command to stat the file elements. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The w (write) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to modify the contents of files in the directory and to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod</B
-></SPAN
-> command to change their UNIX mode bits. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->The k (lock) permission</B
-></SPAN
-></DT
-><DD
-><P
->This permission enables a user to run programs that issue system calls to lock files in the directory.
- </P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_85"
->The Eight Auxiliary Permissions</A
-></H2
-><P
->AFS provides eight additional permissions that do not have a defined meaning. They are denoted by the uppercase letters
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->B</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->C</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->D</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->E</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->F</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->G</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->H</B
-></SPAN
->.</P
-><P
->Your system administrator can choose to write application programs that assign a meaning to one or more of the
- permissions, and then place them on ACLs to control file access by those programs. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- listacl</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> commands to display and set the auxiliary permissions on
- ACLs just like the standard seven.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_86"
->Shorthand Notation for Sets of Permissions</A
-></H2
-><P
->You can combine the seven permissions in any way in an ACL entry, but certain combinations are more useful than others.
- Four of the more common combinations have corresponding shorthand forms. When using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setacl</B
-></SPAN
-> command to define ACL entries, you can provide either one or more of the individual letters that represent
- the permissions, or one of the following shorthand forms: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-></DT
-><DD
-><P
->Represents all seven standard permissions (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
->) </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-></DT
-><DD
-><P
->Removes the entry from the ACL, leaving the user or group with no permission </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
-></DT
-><DD
-><P
->Represents the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permissions </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-></DT
-><DD
-><P
->Represents all permissions except <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->): <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwk</B
-></SPAN
-> </P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ49"
->About Normal and Negative Permissions</A
-></H2
-><P
->ACLs enable you both to grant and to deny access to a directory and the files in it. To grant access, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to create an ACL entry that associates a set of permissions with a user or group, as
- described in <A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
->. When you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command to display an ACL (as described in <A
-HREF="c1444.html#HDRWQ52"
->Displaying an ACL</A
->), such entries appear underneath
- the following header, which uses the term <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->rights</I
-></SPAN
-> to refer to permissions:</P
-><PRE
-CLASS="programlisting"
-> Normal rights
-</PRE
-><P
->There are two ways to deny access: <OL
-TYPE="1"
-><LI
-><P
->The recommended method is simply to omit an entry for the user or group from the ACL, or to omit the appropriate
- permissions from an entry. Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to remove or edit an existing
- entry. In most cases, this method is enough to prevent access of certain kinds or by certain users. You must take care,
- however, not to grant the undesired permissions to any groups to which such users belong.</P
-></LI
-><LI
-><P
->The more explicit method for denying access is to place an entry on the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->negative permissions</I
-></SPAN
->
- section of an ACL, by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setacl</B
-></SPAN
-> command. For instructions, see <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL
- Permissions</A
->. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command displays the negative permissions section of
- an ACL underneath the following header: <PRE
-CLASS="programlisting"
-> Negative rights
-</PRE
-></P
-><P
->When determining what type of access to grant to a user, AFS first examines all of the entries in the normal
- permissions section of the ACL. It then subtracts any permissions associated with the user (or with groups to which the
- user belongs) on the negative permissions section of the ACL. Therefore, negative permissions always cancel out normal
- permissions.</P
-><P
->Negative permissions can be confusing, because they reverse the usual meaning of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs
- setacl</B
-></SPAN
-> command. In particular, combining the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> shorthand and the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag is a double negative: by removing an entry from the negative permissions
- section of the ACL, you enable a user once again to obtain permissions via entries in the normal permissions section.
- Combining the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> shorthand with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag
- explicitly denies all permissions.</P
-><P
->It is useless to create an entry in the negative permissions section if an entry in the normal permissions section
- grants the denied permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group. In this case, users can
- obtain the permissions simply by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to discard their tokens. When
- they do so, AFS recognizes them as the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user, who belongs to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group but does not match the entries on the negative permissions section of the
- ACL.</P
-></LI
-></OL
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_88"
->Setting DFS ACLs</A
-></H2
-><P
->If your machine is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit, then you can use
- the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> commands to display and set
- the ACLs on DFS directories and files that you own. However, DFS uses a slightly different set of permissions and a different
- syntax for ACL entries. See the DFS documentation or ask your system administrator.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ50"
->Using the System Groups on ACLs</A
-></H1
-><P
-> AFS defines two <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->system groups</I
-></SPAN
-> that grant access to a large number of users at once when
- placed on an ACL. However, you cannot control the membership of these groups, so consider carefully what kind of permissions you
- wish to give them. (You do control the membership of the groups you own; see <A
-HREF="c2454.html"
->Using Groups</A
->.)
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-></DT
-><DD
-><P
->Includes anyone who can access the cell's file tree, including users who have tokens in the local cell, users who
- have logged in on a local AFS client machine but have not obtained tokens (such as the local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->), and users who have connected to a local machine from outside the cell. Creating an ACL
- entry for this group is the only way to extend access to AFS users from foreign cells, unless your system administrator
- creates local authentication accounts for them. </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-></DT
-><DD
-><P
->Includes all users who have a valid AFS token obtained from the local cell's AFS authentication service.</P
-></DD
-></DL
-></DIV
-></P
-><P
->The third system group, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
->, includes a small group of administrators
- who have extensive permissions in the cell. You do not generally need to put this group on your ACLs, because its members always
- have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission on every ACL, even if the
- group does not appear on it.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_90"
->Enabling Access to Subdirectories</A
-></H2
-><P
->A user must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission on a directory to access its subdirectories in any
- way. Even if users have extensive permissions on a subdirectory, they cannot access it if the parent directory's ACL does not
- grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission.</P
-><P
->You can grant the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission in one of three ways: grant it to a system group
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
->), grant it to individual
- users, or grant it to one or more groups of users defined by you or other users (see <A
-HREF="c2454.html"
->Using
- Groups</A
->). Granting the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group is the easiest option and is generally secure because the permission only enables
- users to list the contents of the directory, not to read the files in it. If you want to enable only locally authenticated
- users to list a directory's contents, substitute the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group. Your system administrator has possibly already created an entry on your home
- directory's ACL that grants the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_91"
->Extending Access to Service Processes</A
-></H2
-><P
->It is sometimes necessary to grant more extensive permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
->
- group so that processes that provide printing and mail delivery service can work correctly. For example, printing processes
- sometimes need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> permission in addition to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
->
- permission. A mail delivery process possibly needs the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> permission to place new messages in
- your mail directory. Your system administrator has probably already created the necessary ACL entries. If you notice an ACL
- entry for which the purpose is unclear, check with your system administrator before removing it.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ51"
->Extending Access to Users from Foreign Cells</A
-></H2
-><P
-> The only way to grant access to users from foreign cells who do not have an account in your cell is to put the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on an ACL. Remember, however, that such an entry extends access to
- everyone who can reach your cell, not just the AFS users from foreign cells that you have in mind.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ52"
->Displaying an ACL</A
-></H1
-><P
->To display the ACL associated with a file or directory, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
->
- command.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for AFS/DFS Migration Toolkit users:</B
-></SPAN
-> If the machine on which you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit,
- you can use the command to display the ACL on DFS files and directories. To display a DFS directory's Initial Container or
- Initial Object ACL instead of the regular one, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flag. For more information, ask your system administrator.
- The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter ignores the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags if you include them when displaying an AFS ACL.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ53"
->To display an ACL</A
-></H2
-><OL
-TYPE="1"
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->><SUP
->+</SUP
->]
-</PRE
-></P
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->la</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->listacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lista</B
-></SPAN
-> is the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->dir/file path</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Names one or more files or directories for which to display the ACL. For a file, the output displays the ACL
- on its directory. If you omit this argument, the output is for the current working directory. Partial pathnames are
- interpreted relative to the current working directory. You can also use the following notation on its own or as part
- of a pathname: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></DT
-><DD
-><P
->(A single period). Specifies the current working directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->..</B
-></SPAN
-></DT
-><DD
-><P
->(Two periods). Specifies the current working directory's parent directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
-></DT
-><DD
-><P
->(The asterisk). Specifies each file and subdirectory in the current working directory. The ACL
- displayed for a file is always the same as for its directory, but the ACL for each subdirectory can
- differ.</P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></LI
-></OL
-><P
->The output for each file or directory specified as <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> begins with the following
- header to identify it:</P
-><PRE
-CLASS="programlisting"
-> Access list for <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> is
-</PRE
-><P
->The <SAMP
-CLASS="computeroutput"
->Normal rights</SAMP
-> header appears on the next line, followed by lines that each pair a
- user or group name and a set of permissions. The permissions appear as the single letters defined in <A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
->, and always in the order <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
->. If there
- are any negative permissions, the <SAMP
-CLASS="computeroutput"
->Negative rights</SAMP
-> header appears next, followed by pairs of
- negative permissions.</P
-><P
->If the following error message appears instead of an ACL, you do not have the permissions needed to display an ACL. To
- specify a directory name as the <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> argument, you must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on the ACL. To specify a filename, you must also
- have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission on its directory's ACL.</P
-><PRE
-CLASS="programlisting"
-> fs: You don't have the required access permissions on '<VAR
-CLASS="replaceable"
->dir/file path</VAR
->'
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_95"
->Example: Displaying the ACL on One Directory</A
-></H2
-><P
->The following example displays the ACL on user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory in the ABC
- Corporation cell:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs la /afs/abc.com/usr/terry</B
-></SPAN
->
- Access list for /afs/abc.com/usr/terry is
- Normal rights:
- system:authuser rl
- pat rlw
- terry rlidwka
- Negative rights:
- terry:other-dept rl
- jones rl
-</PRE
-><P
->where <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
-> are individual users, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> is a system group, and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:other-dept</B
-></SPAN
-> is a group that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> owns. The list of
- normal permissions grants all permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlw</B
-></SPAN
->
- permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rl</B
-></SPAN
-> permissions to the members of
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group.</P
-><P
->The list of negative permissions denies the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rl</B
-></SPAN
-> permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->jones</B
-></SPAN
-> and the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:other-dept</B
-></SPAN
-> group. These entries
- effectively prevent them from accessing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory in any way; they cancel out
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rl</B
-></SPAN
-> permissions extended to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group,
- which is the only entry on the normal permissions section of the ACL that possibly applies to them.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_96"
->Example: Displaying the ACLs on Multiple Directories</A
-></H2
-><P
->The following example illustrates how you can specify pathnames in different ways, and the appearance of the output for
- multiple directories. It displays the ACL for three directories: the current working directory (which is a subdirectory of
- user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory), the home directory for user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, and another subdirectory of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s home directory called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->plans</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl . /afs/abc.com/usr/pat ../plans</B
-></SPAN
->
- Access list for . is
- Normal rights:
- system:anyuser rl
- pat:dept rliw
- Access list for /afs/abc.com/usr/pat is
- Normal rights:
- system:anyuser rl
- pat rlidwka
- terry rliw
- Access list for ../plans is
- Normal rights:
- terry rlidwka
- pat rlidw
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ54"
->Changing an ACL</A
-></H1
-><P
->To add, remove, or edit ACL entries, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command. By default, the command
- manipulates entries on the normal permissions section of the ACL. To manipulate entries on the negative permissions section,
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag as instructed in <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit
- Negative ACL Permissions</A
->.</P
-><P
->You can change any ACL on which you already have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission. You always have the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission on the ACL of every directory that you own, even if you accidentally remove that
- permission from the ACL. (The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -ld</B
-></SPAN
-> command reports a directory's owner.) Your system
- administrator normally designates you as the owner of your home directory and its subdirectories, and you possibly own other
- directories also.</P
-><P
->If an ACL entry already exists for the user or group you specify, then the new permissions completely replace the existing
- permissions rather than being added to them. In other words, when issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
->
- command, you must include all permissions that you want to grant to a user or group.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for AFS/DFS Migration Toolkit users:</B
-></SPAN
-> If the machine on which you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command is configured to access a DCE cell's DFS filespace via the AFS/DFS Migration Toolkit,
- you can use the command to set the ACL on DFS files and directories. To set a DFS directory's Initial Container or Initial
- Object ACL instead of the regular one, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flag. For more information, ask your system administrator.
- The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter ignores the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags if you include them when setting an AFS ACL.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to edit entries in the normal permissions section of the
- ACL. To remove an entry, specify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> shorthand as the permissions. If an ACL entry
- already exists for a user or group, the permissions you specify completely replace those in the existing entry. </P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->seta</B
-></SPAN
-> is
- the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more directories to which to apply the ACL entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument. Partial pathnames are interpreted relative to the current working directory. You
- can also use the following notation on its own or as part of a pathname: <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->.</B
-></SPAN
-></DT
-><DD
-><P
->(A single period). If used by itself, sets the ACL on the current working directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->..</B
-></SPAN
-></DT
-><DD
-><P
->(Two periods). If used by itself, sets the ACL on the current working directory's parent
- directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->*</B
-></SPAN
-></DT
-><DD
-><P
->(The asterisk). Sets the ACL on each of the subdirectories in the current working directory. You must
- precede it with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> switch, since it potentially designates multiple
- directories. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter generates the following error message
- for each file in the directory: <PRE
-CLASS="programlisting"
-> fs: '<VAR
-CLASS="replaceable"
->filename</VAR
->': Not a directory
-</PRE
-></P
-></DD
-></DL
-></DIV
-></P
-><P
->If you specify only one directory (or file) name, you can omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> switches. For more on omitting switches, see <A
-HREF="a3812.html"
->Appendix B,
- AFS Command Syntax and Online Help</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more ACL entries, each of which pairs a user or group name and a set of permissions. Separate
- the pairs, and the two parts of each pair, with one or more spaces.</P
-><P
->To define the permissions, provide either:</P
-><UL
-><LI
-><P
->One or more of the letters that represent the standard or auxiliary permissions (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ABCDEFGH</B
-></SPAN
->), in any order</P
-></LI
-><LI
-><P
->One of the four shorthand notations: <UL
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
-> (equals <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwka</B
-></SPAN
->)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> (removes the entry)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
-> (equals <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rl</B
-></SPAN
->)</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
-> (equals <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->rlidwk</B
-></SPAN
->)</P
-></LI
-></UL
-></P
-></LI
-></UL
-><P
->On a single command line, you can combine user and group entries. Also, you can both combine individual letters
- and use the shorthand notations, but not within a single pair.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_99"
->Example: Adding a Single ACL Entry</A
-></H2
-><P
->Either of the following example commands grants user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on the ACL of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->notes</B
-></SPAN
-> subdirectory of the current working directory. They illustrate how it is possible to omit the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> switches when you name only one
- directory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa notes pat rl</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa pat read</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_100"
->Example: Setting Several ACL Entries on One Directory</A
-></H2
-><P
->The following example edits the ACL for the current working directory. It removes the entry for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group, and adds two entries: one grants all permissions except <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> to the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:colleagues</B
-></SPAN
-> group and the other grants
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> group.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs sa -dir . -acl system:anyuser none terry:colleagues write</B
-></SPAN
-> \
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser rl</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-> flag to
- edit entries in the negative permissions section of the ACL. To remove an entry, specify the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none</B
-></SPAN
-> shorthand as the permissions. If an ACL entry already exists for a user or group, the permissions
- you specify completely replace those in the existing entry. </P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
->
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->seta</B
-></SPAN
-> is
- the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more directories to which to apply the negative ACL entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument. For a detailed description of acceptable values, see <A
-HREF="c1444.html#HDRWQ55"
->To
- Add, Remove, or Edit Normal ACL Permissions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more ACL entries, each of which pairs a user or group name and a set of permissions. Separate
- the pairs, and the two parts of each pair, with one or more spaces. For a detailed description of acceptable values,
- see <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->. Keep in mind that the usual meaning
- of each permission is reversed.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-></DT
-><DD
-><P
->Places the entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument on the negative permissions
- section of the ACL for each directory named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-> argument.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_102"
->Example: Setting an Entry in the Negative Permissions Section</A
-></H2
-><P
->User <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> has granted all access permissions except <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->
- to the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> on her <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->plans</B
-></SPAN
-> subdirectory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd /afs/abc.com/usr/terry</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl plans</B
-></SPAN
->
- Access control list for plans is
- Normal rights:
- system:anyuser rl
- terry:team rlidwk
- terry rlidwka
-</PRE
-><P
->However, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> notices that one of the members of the group, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, has been making inappropriate changes to files. To prevent this without removing <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> from the group or changing the permissions for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
->
- group, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> creates an entry on the negative permissions section of the ACL that denies the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> permissions to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl plans pat wd -negative</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl plans</B
-></SPAN
->
- Access control list for plans is
- Normal rights:
- system:anyuser rl
- terry:team rlidwk
- terry: rlidwka
- Negative rights:
- pat wd
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_103"
->Example: Restoring Access by Removing an Entry from the Negative Permissions Section</A
-></H2
-><P
->In the previous example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> put <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> on the
- negative permissions section of ACL for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->plans</B
-></SPAN
-> subdirectory. But the result has been
- inconvenient and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> has promised not to change files any more. To enable <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> to exercise all permissions granted to the members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> group, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> removes the entry for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> from the negative permissions section of the ACL.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl plans pat none -negative</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl plans</B
-></SPAN
->
- Access control list for plans is
- Normal rights:
- system:anyuser rl
- terry:team rlidwk
- terry rlidwka
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ57"
->Completely Replacing an ACL</A
-></H1
-><P
->It is sometimes simplest to clear an ACL completely before defining new permissions on it, for instance if the mix of
- normal and negative permissions makes it difficult to understand how their interaction affects access to the directory. To clear
- an ACL completely while you define new entries, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command. When you include this flag, you can create entries on either the normal permissions or
- the negative permissions section of the ACL, but not on both at once.</P
-><P
->Remember to create an entry for yourself. As the owner of the directory, you always have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission required to replace a deleted entry, but the
- effects the effects of a missing ACL entry can be confusing enough to make it difficult to realize that the problem is a missing
- entry. In particular, the lack of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission
- prevents you from using any shorthand notation in pathnames (such as a period for the current working directory or two periods
- for the parent directory).</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_105"
->To Replace an ACL Completely</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag to
- clear the ACL completely before setting either normal or negative permissions. Because you need to grant the owner of the
- directory all permissions, it is better in most cases to set normal permissions at this point. </P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
->]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sa</B
-></SPAN
-></DT
-><DD
-><P
->Is an acceptable alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->setacl</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->seta</B
-></SPAN
-> is
- the shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-dir</B
-></SPAN
-></DT
-><DD
-><P
->Names one or more directories to which to apply the ACL entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument. For a detailed description of acceptable values, see <A
-HREF="c1444.html#HDRWQ55"
->To
- Add, Remove, or Edit Normal ACL Permissions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-></DT
-><DD
-><P
->Specifies one or more ACL entries, each of which pairs a user or group name and a set of permissions. Separate
- the pairs, and the two parts of each pair, with one or more spaces. Remember to grant all permissions to the owner of
- the directory. For a detailed description of acceptable values, see <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit
- Normal ACL Permissions</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-></DT
-><DD
-><P
->Removes all entries from each ACL before creating the entries indicated by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-negative</B
-></SPAN
-></DT
-><DD
-><P
->Places the entries defined by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> argument on the negative permissions
- section of each ACL.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_106"
->Example: Replacing an ACL</A
-></H2
-><P
->The following example clears the ACL on the current working directory and creates entries that grant all permissions to
- user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> and all permissions except <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> to user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl . terry all pat write -clear</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl .</B
-></SPAN
->
- Access control list for . is
- Normal rights:
- terry rlidwka
- pat rlidwk
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ58"
->Copying ACLs Between Directories</A
-></H1
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl</B
-></SPAN
-> command copies a source directory's ACL to one or more destination
- directories. It does not affect the source ACL at all, but changes each destination ACL as follows: <UL
-><LI
-><P
->If an entry on the source ACL does not exist on the destination ACL, the command copies it to the destination
- ACL.</P
-></LI
-><LI
-><P
->If an entry on the destination ACL does not also exist on the source ACL, the command does not remove it unless you
- include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-> flag, which overwrites the destination ACL completely.</P
-></LI
-><LI
-><P
->If an entry is on both ACLs, the command changes the destination ACL entry to match the source ACL entry.</P
-></LI
-></UL
-></P
-><P
->To copy an ACL, you must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission on the source ACL and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission on each destination ACL. If you identify the source directory by naming a file in it, you
- must also have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> permission on the source ACL. To display the permissions you have on the
- two directories, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command as described in <A
-HREF="c1444.html#HDRWQ52"
->Displaying
- an ACL</A
->.</P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for AFS/DFS Migration Toolkit users:</B
-></SPAN
-> If the machine on which you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl</B
-></SPAN
-> command is configured for access to a DCE cell's DFS filespace via the AFS/DFS Migration
- Toolkit, you can use the command to copy ACLs between DFS files and directories also. The command includes <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags for altering a DFS directory's Initial Container and
- Initial Object ACLs as well as its regular ACL; for details, ask your system administrator. You cannot copy ACLs between AFS and
- DFS directories, because they use different ACL formats. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs</B
-></SPAN
-> command interpreter ignores the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-id</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-if</B
-></SPAN
-> flags if you include them when copying AFS
- ACLs.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_108"
->To Copy an ACL Between Directories</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl</B
-></SPAN
-> command to copy a source ACL to the ACL on one or more destination
- directories.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl -fromdir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->source directory</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-todir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->destination directory</VAR
->><SUP
->+</SUP
-> \
- [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
->]
-</PRE
-><P
->where <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->co</B
-></SPAN
-></DT
-><DD
-><P
->Is the shortest acceptable abbreviation for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->copyacl</B
-></SPAN
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-fromdir</B
-></SPAN
-></DT
-><DD
-><P
->Names the source directory from which to copy the ACL. Partial pathnames are interpreted relative to the current
- working directory. If this argument names a file, the ACL is copied from its directory.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-todir</B
-></SPAN
-></DT
-><DD
-><P
->Names each destination directory to which to copy the source ACL. Partial pathnames are interpreted relative to
- the current working directory. Filenames are not acceptable.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-clear</B
-></SPAN
-></DT
-><DD
-><P
->Completely overwrites each destination directory's ACL with the source ACL.</P
-></DD
-></DL
-></DIV
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_109"
->Example: Copying an ACL from One Directory to Another</A
-></H2
-><P
->In this example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> copies the ACL from her home directory (the current working
- directory) to its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->plans</B
-></SPAN
-> subdirectory. She begins by displaying both ACLs.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl . plans</B
-></SPAN
->
- Access list for . is
- Normal rights:
- terry rlidwka
- pat rlidwk
- jones rl
- Access list for plans is
- Normal rights:
- terry rlidwka
- pat rl
- smith rl
-
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs copyacl -from . -to plans</B
-></SPAN
->
-
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl . plans</B
-></SPAN
->
- Access list for . is
- Normal rights:
- terry rlidwka
- pat rlidwk
- jones rl
- Access list for plans is
- Normal rights:
- terry rlidwka
- pat rlidwk
- jones rl
- smith rl
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
-></H1
-><P
->Although AFS protects data primarily with ACLs rather than mode bits, it does not ignore the mode bits entirely. An
- explanation of how mode bits work in the UNIX file system is outside the scope of this document, and the following discussion
- assumes you understand them; if necessary, see your UNIX documentation. Also, the following discussion does not cover the
- setuid, setgid or sticky bits. If you need to understand how those bits work on AFS files, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS
- Administration Guide</I
-></SPAN
-> or ask your system administrator.</P
-><P
->AFS uses the UNIX mode bits in the following way:</P
-><UL
-><LI
-><P
->It uses the initial bit to distinguish files and directories. This is the bit that appears first in the output from
- the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command and shows the hyphen (<SAMP
-CLASS="computeroutput"
->-</SAMP
->) for a file or
- the letter <SAMP
-CLASS="computeroutput"
->d</SAMP
-> for a directory.</P
-></LI
-><LI
-><P
->It does not use any of the mode bits on a directory. The AFS ACL alone controls directory access.</P
-></LI
-><LI
-><P
->For a file, the owner (first) set of bits interacts with the ACL entries that apply to the file in the following way.
- AFS does not use the group or world (second and third sets) of mode bits at all. <UL
-><LI
-><P
->If the first <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> mode bit is not set, no one (including the owner) can read the
- file, no matter what permissions they have on the ACL. If the bit is set, users also need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on the ACL of the file's directory to read
- the file.</P
-></LI
-><LI
-><P
->If the first <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> mode bit is not set, no one (including the owner) can modify the
- file. If the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> bit is set, users also need the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on the ACL of the file's directory to modify the file.</P
-></LI
-><LI
-><P
->There is no ACL permission directly corresponding to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->x</B
-></SPAN
-> mode bit, but to
- execute a file stored in AFS, the user must also have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on the ACL of the file's directory.</P
-></LI
-></UL
-></P
-></LI
-></UL
-><P
->When you issue the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod</B
-></SPAN
-> command on an AFS file or directory, AFS changes the bits
- appropriately. To change a file's mode bits, you must have the AFS <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> permission on the ACL of
- the file's directory. To change a directory's mode bits, you must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
->, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions on its ACL. </P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_111"
->Example: Disabling Write Access for a File</A
-></H2
-><P
-></P
-><P
->Suppose <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> is chairing a committee that is writing a proposal. As each section is
- approved, she turns off write access to that file to prevent further changes. For example, the following <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod</B
-></SPAN
-> command turns off the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> mode bits on the file <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->proposal.chap2</B
-></SPAN
->. This makes it impossible for anyone to change the file, no matter what permissions are
- granted on the directory ACL.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->chmod -w proposal.chap2</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
->
- -rw-r--r-- 1 terry 573 Nov 10 09:57 conclusion
- -r--r--r-- 1 terry 573 Nov 15 10:34 intro
- -r--r--r-- 1 terry 573 Dec 1 15:07 proposal.chap2
- -rw-r--r-- 1 terry 573 Nov 10 09:57 proposal.chap3
- -rw-r--r-- 1 terry 573 Nov 10 09:57 proposal.chap4
-</PRE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c1095.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c2454.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Displaying Information about AFS</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Using Groups</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Using Groups</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Protecting Your Directories and Files"
-HREF="c1444.html"><LINK
-REL="NEXT"
-TITLE="Troubleshooting"
-HREF="c3402.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c1444.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c3402.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ60"
-></A
->Chapter 5. Using Groups</H1
-><P
->This chapter explains how to create groups and discusses different ways to use them.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ61"
->About Groups</A
-></H1
-><P
->An AFS <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group</I
-></SPAN
-> is a list of specific users that you can place on access control lists (ACLs). Groups
- make it much easier to maintain ACLs. Instead of creating an ACL entry for every user individually, you create one entry for a
- group to which the users belong. Similarly, you can grant a user access to many directories at once by adding the user to a
- group that appears on the relevant ACLs.</P
-><P
->AFS client machines can also belong to a group. Anyone logged into the machine inherits the permissions granted to the
- group on an ACL, even if they are not authenticated with AFS. In general, groups of machines are useful only to system
- administrators, for specialized purposes like complying with licensing agreements your cell has with software vendors. Talk with
- your system administrator before putting a client machine in a group or using a machine group on an ACL. </P
-><P
->To learn about AFS file protection and how to add groups to ACLs, see <A
-HREF="c1444.html"
->Protecting Your Directories
- and Files</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ62"
->Suggestions for Using Groups Effectively</A
-></H2
-><P
->There are three typical ways to use groups, each suited to a particular purpose: private use, shared use, and group use.
- The following are only suggestions. You are free to use groups in any way you choose.</P
-><UL
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Private use</I
-></SPAN
->: you create a group and place it on the ACL of directories you own, without
- necessarily informing the group's members that they belong to it. Members notice only that they can or cannot access the
- directory in a certain way. You retain sole administrative control over the group, since you are the owner. </P
-><P
->The existence of the group and the identity of its members is not necessarily secret. Other users can see the
- group's name on an ACL when they use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command, and can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to display + the groups to which they themselves belong. You can, however,
- limit who can display the members of the group, as described in <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related
- Information</A
->.</P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Shared use</I
-></SPAN
->: you inform the group's members that they belong to the group, but you are the
- group's sole owner and administrator. For example, the manager of a work group can create a group of all the members in
- the work group, and encourage them to use it on the ACLs of directories that house information they want to share with
- other members of the group. <DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If you place a group owned by someone else on your ACLs, the group's owner can change the group's membership
- without informing you. Someone new can gain or lose access in a way you did not intend and without your
- knowledge.</P
-></BLOCKQUOTE
-></DIV
-></P
-></LI
-><LI
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->Group use</I
-></SPAN
->: you create a group and then use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
->
- command to assign ownership to a group--either another group or the group itself (the latter type is a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->self-owned</I
-></SPAN
-> group). You inform the members of the owning group that they all can administer the owned
- group. For instructions for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command, see <A
-HREF="c2454.html#HDRWQ73"
->To Change
- a Group's Owner</A
->. </P
-><P
->The main advantage of designating a group as an owner is that several people share responsibility for administering
- the group. A single person does not have to perform all administrative tasks, and if the group's original owner leaves the
- cell, there are still other people who can administer it.</P
-><P
->However, everyone in the owner group can make changes that affect others negatively: adding or removing people from
- the group inappropriately or changing the group's ownership to themselves exclusively. These problems can be particularly
- sensitive in a self-owned group. Using an owner group works best if all the members know and trust each other; it is
- probably wise to keep the number of people in an owner group small.</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ63"
->Group Names</A
-></H2
-><P
->The groups you create must have names with two parts, in the following format:</P
-><P
-><VAR
-CLASS="replaceable"
->owner_name</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
-><VAR
-CLASS="replaceable"
->group_name</VAR
-></P
-><P
->The <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix indicates which user or group owns the group (naming rules appear in
- <A
-HREF="c2454.html#HDRWQ69"
->To Create a Group</A
->). The <VAR
-CLASS="replaceable"
->group_name</VAR
-> part indicates the group's
- purpose or its members' common interest. Group names must always be typed in full, so a short
- <VAR
-CLASS="replaceable"
->group_name</VAR
-> is most practical. However, names like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:1</B
-></SPAN
-> and
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:2</B
-></SPAN
-> that do not indicate the group's purpose are less useful than names like <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:project</B
-></SPAN
->.</P
-><P
->Groups that do not have the <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix possibly appear on some ACLs; they are created
- by system administrators only. All of the groups you create must have an <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_116"
->Group-creation Quota</A
-></H2
-><P
->By default, you can create 20 groups, but your system administrators can change your <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->group-creation
- quota</I
-></SPAN
-> if appropriate. When you create a group, your group quota decrements by one. When a group that you created is
- deleted, your quota increments by one, even if you are no longer the owner. You cannot increase your quota by transferring
- ownership of a group to someone else, because you are always recorded as the creator.</P
-><P
->If you exhaust your group-creation quota and need to create more groups, ask your system administrator. For instructions
- for displaying your group-creation quota, see <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ64"
->Displaying Group Information</A
-></H1
-><P
->You can use the following commands to display information about groups and the users who belong to them:</P
-><UL
-><LI
-><P
->To display the members of a group, or the groups to which a user belongs, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- membership</B
-></SPAN
-> command.</P
-></LI
-><LI
-><P
->To display the groups that a user or group owns, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
->
- command.</P
-></LI
-><LI
-><P
->To display general information about a user or group, including its name, AFS ID, creator, and owner, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command.</P
-></LI
-></UL
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:authuser</B
-></SPAN
-> system groups
- do not appear in a user's list of group memberships, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command does not
- display their members. For more information on the system groups, see <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on
- ACLs</A
->.</P
-></BLOCKQUOTE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ65"
->To Display Group Membership</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to display the members of a group, or the groups to
- which a user belongs.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->user or group name or id</VAR
-> specifies the name or AFS UID of each user for which to
- display group membership, or the name or AFS GID of each group for which to display the members. If identifying a group by its
- AFS GID, precede the GID with a hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) to indicate that it is a negative number.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_119"
->Example: Displaying the Members of a Group</A
-></H2
-><P
->The following example displays the members of the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership terry:team</B
-></SPAN
->
- Members of terry:team (id: -286) are:
- terry
- smith
- pat
- johnson
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_120"
->Example: Displaying the Groups to Which a User Belongs</A
-></H2
-><P
->The following example displays the groups to which users <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> belong.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership terry pat</B
-></SPAN
->
- Groups terry (id: 1022) is a member of:
- smith:friends
- pat:accounting
- terry:team
- Groups pat (id: 1845) is a member of:
- pat:accounting
- sam:managers
- terry:team
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ66"
->To Display the Groups a User or Group Owns</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to display the groups that a user or group owns.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->user or group name or id</VAR
-> specifies the name or AFS UID of each user, or the name or AFS
- GID of each group, for which to display group ownership. If identifying a group by its AFS GID, precede the GID with a hyphen
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) to indicate that it is a negative number.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_122"
->Example: Displaying the Groups a Group Owns</A
-></H2
-><P
->The following example displays the groups that the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> owns.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned -286</B
-></SPAN
->
- Groups owned by terry:team (id: -286) are:
- terry:project
- terry:planners
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_123"
->Example: Displaying the Groups a User Owns</A
-></H2
-><P
->The following example displays the groups that user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> owns.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned pat</B
-></SPAN
->
- Groups owned by pat (id: 1845) are:
- pat:accounting
- pat:plans
-
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ67"
->To Display A Group Entry</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display general information about a user or group,
- including its name, AFS ID, creator, and owner.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->user or group name or id</VAR
-> specifies the name or AFS UID of each user, or the name or AFS
- GID of each group, for which to display group-related information. If identifying a group by its AFS GID, precede the GID with
- a hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) to indicate that it is a negative number.</P
-><P
->The output includes information in the following fields:</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->Name</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->For users, this is the character string typed when logging in. For machines, the name is the IP address; a zero in
- address field acts as a wildcard, matching any value. For most groups, this is a name of the form
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
-><VAR
-CLASS="replaceable"
->group_name</VAR
->. Some
- groups created by your system administrator do not have the <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix. See <A
-HREF="c2454.html#HDRWQ63"
->Group Names</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->id</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->This is a unique identification number that the AFS server processes use internally. It is similar in function to
- a UNIX UID, but operates in AFS rather than the UNIX file system. Users and machines have positive integer AFS user IDs
- (UIDs), and groups have negative integer AFS group IDs (GIDs). </P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->owner</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->This is the user or group that owns the entry and so can administer it.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->creator</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->The name of the user who issued the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts createuser</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- creategroup</B
-></SPAN
-> command to create the entry. This field is useful mainly as an audit trail and cannot be
- changed.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->membership</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->For users and machines, this indicates how many groups the user or machine belongs to. For groups, it indicates
- how many members belong to the group. This number cannot be set explicitly.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->flags</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->This field indicates who is allowed to list certain information about the entry or change it in certain ways. See
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><SAMP
-CLASS="computeroutput"
->group quota</SAMP
-></B
-></SPAN
-></DT
-><DD
-><P
->This field indicates how many more groups a user is allowed to create. It is set to 20 when a user entry is
- created. The creation quota for machines or groups is meaningless because it not possible to authenticate as a machine
- or group.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_125"
->Example: Listing Information about a Group</A
-></H2
-><P
->The following example displays information about the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:accounting</B
-></SPAN
->, which
- includes members of the department that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> manages. Notice that the group is self-owned,
- which means that all of its members can administer it.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine pat:accounting</B
-></SPAN
->
- Name: pat:accounting, id: -673, owner: pat:accounting, creator: pat,
- membership: 15, flags: S-M--, group quota: 0
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_126"
->Example: Listing Group Information about a User</A
-></H2
-><P
->The following example displays group-related information about user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->. The two most
- interesting fields are <SAMP
-CLASS="computeroutput"
->membership</SAMP
->, which shows that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->
- belongs to 12 groups, and <SAMP
-CLASS="computeroutput"
->group quota</SAMP
->, which shows that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->
- can create another 17 groups.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine pat</B
-></SPAN
->
- Name: pat, id: 1045, owner: system:administrators, creator: admin,
- membership: 12, flags: S-M--, group quota: 17
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ68"
->Creating Groups and Adding Members</A
-></H1
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command to create a group and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- adduser</B
-></SPAN
-> command to add members to it. Users and machines can belong to groups, but other groups cannot.</P
-><P
->When you create a group, you normally become its owner automatically. This means you alone can administer it: add and
- remove members, change the group's name, transfer ownership of the group, or delete the group entirely. If you wish, you can
- designate another owner when you create the group, by including the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-> argument to the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command. If you assign ownership to another group, the owning group must
- already exist and have at least one member. You can also change a group's ownership after creating it by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command as described in <A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ69"
->To Create a Group</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup</B
-></SPAN
-> command to create a group. Your group-creation quota
- decrements by one for each group.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup -name</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->>+ [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->owner of the group</VAR
->>]
-</PRE
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cg</B
-></SPAN
-></DT
-><DD
-><P
->Is an alias for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->creategroup</B
-></SPAN
-> (and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->createg</B
-></SPAN
-> is the
- shortest acceptable abbreviation).</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-name</B
-></SPAN
-></DT
-><DD
-><P
->Names each group to create. The name must have the following format:</P
-><P
-><VAR
-CLASS="replaceable"
->owner_name</VAR
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->:</B
-></SPAN
-><VAR
-CLASS="replaceable"
->group_name</VAR
-></P
-><P
->The <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix must accurately indicate the group's owner. By default, you are
- recorded as the owner, and the <VAR
-CLASS="replaceable"
->owner_name</VAR
-> must be your AFS username. You can include the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-> argument to designate another AFS user or group as the owner, as long as you
- provide the required value in the <VAR
-CLASS="replaceable"
->owner_name</VAR
-> field: </P
-><UL
-><LI
-><P
->If the owner is a user, it must be the AFS username.</P
-></LI
-><LI
-><P
->If the owner is another regular group, it must match the owning group's <VAR
-CLASS="replaceable"
->owner_name</VAR
->
- field. For example, if the owner is the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:associates</B
-></SPAN
->, the owner field
- must be <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->If the owner is a group without an <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix, it must be the owning group's
- name.</P
-></LI
-></UL
-><P
->The name can include up to 63 characters including the colon. Use numbers and lowercase letters, but no spaces or
- punctuation characters other than the colon.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-owner</B
-></SPAN
-></DT
-><DD
-><P
->Is optional and assigns ownership to a user other than yourself, or to a group. If you specify a group, it must
- already exist and have at least one member. (This means that to make a group self-owned, you must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command after using this command to create the group, and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- adduser</B
-></SPAN
-> command to add a member. See <A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
->.)</P
-><P
->Do not name a machine as the owner. Because no one can authenticate as a machine, there is no way to administer a
- group owned by a machine.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_129"
->Example: Creating a Group</A
-></H2
-><P
-></P
-><P
->In the following example user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> creates a group to include all the other users in
- his work team, and then examines the new group entry.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts creategroup terry:team</B
-></SPAN
->
- group terry:team has id -286
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine terry:team</B
-></SPAN
->
- Name: terry:team, id: -286, owner: terry, creator: terry,
- membership: 0, flags: S----, group quota: 0.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ70"
->To Add Members to a Group</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command to add one or more users to one or more groups. You can
- always add members to a group you own (either directly or because you belong to the owning group). If you belong to a group,
- you can add members if its fourth privacy flag is the lowercase letter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->; see <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->You must add yourself to groups that you own, if that is appropriate. You do not belong automatically just because you
- own the group.</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If you already have a token when you are added to a group, you must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- command to reauthenticate before you can exercise the permissions granted to the group on ACLs.</P
-></BLOCKQUOTE
-></DIV
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username of each user to add to the groups named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
->
- argument. Groups cannot belong to other groups.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-></DT
-><DD
-><P
->Names each group to which to add users.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_131"
->Example: Adding Members to a Group</A
-></H2
-><P
->In this example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> adds himself, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->,
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->indira</B
-></SPAN
->, and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> to the group he just created, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
->, and then verifies the new list of members.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser -user terry pat indira smith -group terry:team</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts members terry:team</B
-></SPAN
->
- Members of terry:team (id: -286) are:
- terry
- pat
- indira
- smith
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
-></H1
-><P
->You can use the following commands to remove groups and their members:</P
-><UL
-><LI
-><P
->To remove a user from a group, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command</P
-></LI
-><LI
-><P
->To delete a group entirely, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command</P
-></LI
-><LI
-><P
->To remove deleted groups from ACLs, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> command</P
-></LI
-></UL
-><P
->When a group that you created is deleted, your group-creation quota increments by one, even if you no longer own the
- group.</P
-><P
->When a group or user is deleted, its AFS ID appears on ACLs in place of its AFS name. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> command to remove these obsolete entries from ACLs on which you have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_133"
->To Remove Members from a Group</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command to remove one or more members from one or more groups.
- You can always remove members from a group that you own (either directly or because you belong to the owning group). If you
- belong to a group, you can remove members if its fifth privacy flag is the lowercase letter <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->; see <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->. (To display a group's
- owner, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command as described in <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group
- Entry</A
->.)</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser -user</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user name</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-user</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the username of each user to remove from the groups named by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
->
- argument.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-group</B
-></SPAN
-></DT
-><DD
-><P
->Names each group from which to remove users.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_134"
->Example: Removing Group Members</A
-></H2
-><P
->The following example removes user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> from both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:friends</B
-></SPAN
-> groups.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser pat -group terry:team terry:friends</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_135"
->To Delete a Group</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> command to delete a group. You can always delete a group that you
- own (either directly or because you belong to the owning group). To display a group's owner, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- examine</B
-></SPAN
-> command as described in <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->user or group name or id</VAR
-> specifies the name or AFS UID of each user, or the name or AFS
- GID of each group, to delete. If identifying a group by its AFS GID, precede the GID with a hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) to indicate that it is a negative number.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_136"
->Example: Deleting a Group</A
-></H2
-><P
-></P
-><P
->In the following example, the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> is deleted.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts delete terry:team</B
-></SPAN
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_137"
->To Remove Obsolete ACL Entries</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> command to remove obsolete entries from ACLs after the
- corresponding user or group has been deleted.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl</B
-></SPAN
-> [<<VAR
-CLASS="replaceable"
->dir/file path</VAR
->><SUP
->+</SUP
->]
-</PRE
-><P
->where <VAR
-CLASS="replaceable"
->dir/file path</VAR
-> name each directory for which to clean the ACL. If you omit this
- argument, the current working directory's ACL is cleaned.</P
-><P
-></P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_138"
->Example: Removing an Obsolete ACL Entry</A
-></H2
-><P
->After the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> is deleted, its AFS GID (-286) appears on ACLs instead of
- its name. In this example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> cleans it from the ACL on the plans directory in his
- home directory.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl plans</B
-></SPAN
->
- Access list for plans is
- Normal rights:
- terry rlidwka
- -268 rlidwk
- sam rliw
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs cleanacl plans</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl plans</B
-></SPAN
->
- Access list for plans is
- Normal rights:
- terry rlidwka
- sam rliw
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ72"
->Changing a Group's Owner or Name</A
-></H1
-><P
->To change a group's owner, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command. To change its name, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command.</P
-><P
->You can change the owner or name of a group that you own (either directly or because you belong to the owning group). You
- can assign group ownership to another user, another group, or the group itself. If you are not already a member of the group and
- need to be, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command before transferring ownership, following the
- instructions in <A
-HREF="c2454.html#HDRWQ70"
->To Add Members to a Group</A
->.</P
-><P
->The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command automatically changes a group's
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix to indicate the new owner. If the new owner is a group, only its
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix is used, not its entire name. However, the change in
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix command does not propagate to any groups owned by the group whose owner is
- changing. If you want their <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefixes to indicate the correct owner, you must use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command.</P
-><P
->Otherwise, you normally use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change only the
- <VAR
-CLASS="replaceable"
->group_name</VAR
-> part of a group name (the part that follows the colon). You can change the
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix only to reflect the actual owner.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ73"
->To Change a Group's Owner</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command to change a group's name.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->group name</VAR
->> <<VAR
-CLASS="replaceable"
->new owner</VAR
->>
-</PRE
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->group name</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the current name of the group to which to assign a new owner.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->new owner</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Names the user or group that is to own the group.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_141"
->Example: Changing a Group's Owner to Another User</A
-></H2
-><P
->In the following example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> transfers ownership of the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:staff</B
-></SPAN
-> to user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->. Its name changes automatically to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:staff</B
-></SPAN
->, as confirmed by the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown pat:staff terry</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine terry:staff</B
-></SPAN
->
- Name: terry:staff, id: -534, owner: terry, creator: pat,
- membership: 15, flags: SOm--, group quota: 0.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_142"
->Example: Changing a Group's Owner to Itself</A
-></H2
-><P
->In the following example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> makes the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> group a self-owned group. Its name does not change because its
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix is already <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown terry:team terry:team</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine terry:team</B
-></SPAN
->
- Name: terry:team, id: -286, owner: terry:team, creator: terry,
- membership: 6, flags: SOm--, group quota: 0.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_143"
->Example: Changing a Group's Owner to a Group</A
-></H2
-><P
->In this example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sam</B
-></SPAN
-> transfers ownership of the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->sam:project</B
-></SPAN
-> to the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith:cpa</B
-></SPAN
->. Its name changes automatically to
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith:project</B
-></SPAN
->, because <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> is the
- <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix of the group that now owns it. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
->
- command displays the group's status before and after the change.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine sam:project</B
-></SPAN
->
- Name: sam:project, id: -522, owner: sam, creator: sam,
- membership: 33, flags: SOm--, group quota: 0.
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown sam:project smith:cpa</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine smith:project</B
-></SPAN
->
- Name: smith:project, id: -522, owner: smith:cpa, creator: sam,
- membership: 33, flags: SOm--, group quota: 0.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_144"
->To Change a Group's Name</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change a group's name.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->old name</VAR
->> <<VAR
-CLASS="replaceable"
->new name</VAR
->>
-</PRE
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->old name</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the group's current name.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
-><VAR
-CLASS="replaceable"
->new name</VAR
-></B
-></SPAN
-></DT
-><DD
-><P
->Specifies the complete new name to assign to the group. The <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix must
- correctly indicate the group's owner.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_145"
->Example: Changing a Group's <VAR
-CLASS="replaceable"
->group_name</VAR
-> Suffix</A
-></H2
-><P
->The following example changes the name of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith:project</B
-></SPAN
-> group to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith:fiscal-closing</B
-></SPAN
->. The group's <VAR
-CLASS="replaceable"
->owner_name</VAR
-> prefix remains <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->smith</B
-></SPAN
-> because its owner is not changing.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine smith:project</B
-></SPAN
->
- Name: smith:project, id: -522, owner: smith:cpa, creator: sam,
- membership: 33, flags: SOm--, group quota: 0.
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename smith:project smith:fiscal-closing</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine smith:fiscal-closing</B
-></SPAN
->
- Name: smith:fiscal-closing, id: -522, owner: smith:cpa, creator: sam,
- membership: 33, flags: SOm--, group quota: 0.
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_146"
->Example: Changing a Group's <VAR
-CLASS="replaceable"
->owner_name</VAR
-> Prefix</A
-></H2
-><P
->In a previous example, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
-> transferred ownership of the group <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:staff</B
-></SPAN
-> to user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->. Its name changed automatically to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:staff</B
-></SPAN
->. However, a group that <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:staff</B
-></SPAN
-> owns is still called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat:plans</B
-></SPAN
->, because the change to a group's <VAR
-CLASS="replaceable"
->owner_name</VAR
-> that results
- from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts chown</B
-></SPAN
-> command does not propagate to any groups it owns. In this example, a
- member of <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:staff</B
-></SPAN
-> uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename</B
-></SPAN
-> command to change
- the name to <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:plans</B
-></SPAN
-> to reflect its actual ownership.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine pat:plans</B
-></SPAN
->
- Name: pat:plans, id: -535, owner: terry:staff, creator: pat,
- membership: 8, flags: SOm--, group quota: 0.
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts rename pat:plans terry:plans</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine terry:plans</B
-></SPAN
->
- Name: terry:plans, id: -535, owner: terry:staff, creator: pat,
- membership: 8, flags: SOm--, group quota: 0.
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ74"
->Protecting Group-Related Information</A
-></H1
-><P
->A group's <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->privacy flags</I
-></SPAN
-> control who can administer it in various ways. The privacy flags appear in
- the <SAMP
-CLASS="computeroutput"
->flags</SAMP
-> field of the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command
- command; see <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->. To set the privacy flags for a group you own, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command as instructed in <A
-HREF="c2454.html#HDRWQ75"
->To Set a Group's Privacy
- Flags</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRPRIVACY-FLAGS"
->Interpreting the Privacy Flags</A
-></H2
-><P
->The five privacy flags always appear, and always must be set, in the following order:</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display the entry.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->o</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to list the groups that a user
- or group owns.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to list the groups a user or
- machine belongs to, or which users or machines belong to a group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts adduser</B
-></SPAN
-> command to add a user or machine to a
- group.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-></DT
-><DD
-><P
->Controls who can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts removeuser</B
-></SPAN
-> command to remove a user or machine
- from a group.</P
-></DD
-></DL
-></DIV
-><P
->Each flag can take three possible types of values to enable a different set of users to issue the corresponding
- command:</P
-><UL
-><LI
-><P
->A hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) means that the group's owner can issue the command, along with the
- administrators who belong to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group.</P
-></LI
-><LI
-><P
->The lowercase version of the letter means that members of the group can issue the command, along with the users
- indicated by the hyphen.</P
-></LI
-><LI
-><P
->The uppercase version of the letter means that anyone can issue the command.</P
-></LI
-></UL
-><P
->For example, the flags <SAMP
-CLASS="computeroutput"
->SOmar</SAMP
-> on a group entry indicate that anyone can examine the
- group's entry and list the groups that it owns, and that only the group's members can list, add, or remove its members.</P
-><P
->The default privacy flags for groups are <SAMP
-CLASS="computeroutput"
->S-M--</SAMP
->, meaning that anyone can display the
- entry and list the members of the group, but only the group's owner and members of the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:administrators</B
-></SPAN
-> group can perform other functions.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ75"
->To Set a Group's Privacy Flags</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields</B
-></SPAN
-> command to set the privacy flags on one or more groups.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields -nameorid</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->user or group name or id</VAR
->><SUP
->+</SUP
->
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-access</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->set privacy flags</VAR
->>
-</PRE
-><P
->where</P
-><DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-nameorid</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the name or AFS GID of each group for which to set the privacy flags. If identifying a group by its AFS
- GID, precede the GID with a hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) to indicate that it is a negative number.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-access</B
-></SPAN
-></DT
-><DD
-><P
->Specifies the privacy flags to set for each group. Observe the following rules:</P
-><UL
-><LI
-><P
->Provide a value for all five flags in the order <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->somar</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Set the first flag to lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s</B
-></SPAN
-> or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
-> only.</P
-></LI
-><LI
-><P
->Set the second flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->O</B
-></SPAN
-> only. For groups, AFS interprets the hyphen as equivalent to lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->o</B
-></SPAN
-> (that is, members of a group can always list the groups that it owns).</P
-></LI
-><LI
-><P
->Set the third flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->), lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
->, or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->M</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Set the fourth flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->), lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
->, or uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
->. The uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->A</B
-></SPAN
-> is not a secure choice, because it permits anyone to add members to the group.</P
-></LI
-><LI
-><P
->Set the fifth flag to the hyphen (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-</B
-></SPAN
->) or lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> only.</P
-></LI
-></UL
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_150"
->Example: Setting a Group's Privacy Flags</A
-></H2
-><P
->The following example sets the privacy flags on the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry:team</B
-></SPAN
-> group to set the
- indicated pattern of administrative privilege.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts setfields terry:team -access SOm--</B
-></SPAN
->
-
-</PRE
-><UL
-><LI
-><P
->Everyone can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts examine</B
-></SPAN
-> command to display general information about it
- (uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->S</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->Everyone can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts listowned</B
-></SPAN
-> command to display the groups it owns
- (uppercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->O</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->The members of the group can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts membership</B
-></SPAN
-> command to display the
- group's members (lowercase <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m</B
-></SPAN
->).</P
-></LI
-><LI
-><P
->Only the group's owner, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->, can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- adduser</B
-></SPAN
-> command to add members (the hyphen).</P
-></LI
-><LI
-><P
->Only the group's owner, user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->, can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pts
- removeuser</B
-></SPAN
-> command to remove members (the hyphen).</P
-></LI
-></UL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c1444.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c3402.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Protecting Your Directories and Files</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Troubleshooting</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Troubleshooting</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Using Groups"
-HREF="c2454.html"><LINK
-REL="NEXT"
-TITLE="Using the NFS/AFS Translator"
-HREF="a3632.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c2454.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="a3632.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ76"
-></A
->Chapter 6. Troubleshooting</H1
-><P
->This chapter explains how to investigate and solve some problems you can sometimes encounter when working with AFS files. To
- use the instructions, find the heading that describes your problem or matches the error message you received.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
-></H1
-><P
-> </P
-><OL
-TYPE="1"
-><LI
-><P
-><A
-NAME="LINOSAVE-TOKENS"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command to verify that you have valid
- tokens. For complete instructions, see <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
-</PRE
-></P
-><UL
-><LI
-><P
->If your tokens are valid, proceed to Step <A
-HREF="c3402.html#LINOSAVE-FSCHECKS"
->2</A
->.</P
-></LI
-><LI
-><P
->If your do not have tokens for the relevant cell, or they are expired, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate. For complete instructions, see <A
-HREF="c569.html#HDRWQ29"
->To
- Authenticate with AFS</A
->. Then try accessing or saving the file again. If you are not successful, proceed to Step
- <A
-HREF="c3402.html#LINOSAVE-FSCHECKS"
->2</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
-</PRE
-></P
-></LI
-></UL
-></LI
-><LI
-><P
-><A
-NAME="LINOSAVE-FSCHECKS"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command to check the
- status of file server machines. For complete instructions, see <A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server
- Machines</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers &</B
-></SPAN
->
-</PRE
-></P
-><UL
-><LI
-><P
->If the following message appears, proceed to Step <A
-HREF="c3402.html#LINOSAVE-PERMS"
->3</A
->. <PRE
-CLASS="programlisting"
-> All servers are running.
-</PRE
-></P
-></LI
-><LI
-><P
->Output like the following indicates that your Cache Manager cannot reach the indicated file server machines.
- <PRE
-CLASS="programlisting"
-> These servers unavailable due to network or server problem:
- <VAR
-CLASS="replaceable"
->list of machines</VAR
->.
-</PRE
-></P
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> command to check if the file you are attempting to access or
- save is stored on one of the inaccessible file server machines. For complete instructions, see <A
-HREF="c1095.html#HDRWQ40"
->Locating Files and Directories</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs whereis</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>
-</PRE
-><P
->If your file is stored on an inaccessible machine, then you cannot access the file or save it back to the File
- Server until the machine is again accessible. If your file is on a machine that is not listed as inaccessible, proceed
- to Step <A
-HREF="c3402.html#LINOSAVE-PERMS"
->3</A
->.</P
-></LI
-></UL
-></LI
-><LI
-><P
-><A
-NAME="LINOSAVE-PERMS"
-></A
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> command to verify that you have
- the permissions you need for accessing, copying, or saving the file. For complete instructions, see <A
-HREF="c1444.html#HDRWQ53"
->To display an ACL</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>
-</PRE
-></P
-><P
->You need the indicated permissions:</P
-><UL
-><LI
-><P
->To access, copy, or save a file, you must have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission on the directory and on all directories above it in the pathname.</P
-></LI
-><LI
-><P
->To save changes to an existing file, you must in addition have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->) permission. To create a new file, you must in addition have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->) and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
->
- permissions.</P
-></LI
-><LI
-><P
->To copy a file between two directories, you must in addition have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
->
- (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->) permission on the source directory and the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
->
- permission on the destination directory.</P
-></LI
-></UL
-><P
->If you do not have the necessary permissions but own the directory, you always have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission even if you do not appear on the ACL.
- Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant yourself the necessary permissions. For complete
- instructions, see <A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->><SUP
->+</SUP
-> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->access list entries</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->If you do not have the necessary permissions and do not own the directory, ask the owner or a system administrator to
- grant them to you. If they add you to a group that has the required permissions, you must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to reauthenticate before you can exercise them.</P
-><P
->If you still cannot access the file even though you have the necessary permissions, contact your system administrator
- for help in investigating further possible causes of your problem. If you still cannot copy or save the file even though you
- have the necessary permissions, proceed to Step <A
-HREF="c3402.html#LINOSAVE-QUOTA"
->4</A
->.</P
-></LI
-><LI
-><P
-><A
-NAME="LINOSAVE-QUOTA"
-></A
->If copying a file, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> command to
- check whether the volume into which you are copying it, or the partition that houses that volume, is almost full. For
- saving, check the volume and partition that contain the directory into which you are saving the file. For complete
- instructions, see <A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>
-</PRE
-></P
-><P
->The command produces output as in the following example:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listquota /afs/abc.com/usr/terry</B
-></SPAN
->
- Volume Name Quota Used % Used Partition
- user.terry 10000 3400 34% 86%
-</PRE
-><UL
-><LI
-><P
->If the value in the <SAMP
-CLASS="computeroutput"
->Partition</SAMP
-> field is not close to 100%, the partition is not
- almost full. Check the value in the <SAMP
-CLASS="computeroutput"
->% Used</SAMP
-> field. If it is close to 100%, then the
- volume is almost full. If possible, delete files from the volume that are no longer needed, or ask your system
- administrator to increase the volume's quota.</P
-><P
->If the value in the <SAMP
-CLASS="computeroutput"
->% Used</SAMP
-> field is not close to 100% (is, say, 90% or less),
- then it is unlikely that you are exceeding the volume's quota, unless the file is very large or the volume's quota is
- small. Contact your system administrator for help in investigating further possible causes of your problem.</P
-></LI
-><LI
-><P
->If the value in the <SAMP
-CLASS="computeroutput"
->Partition</SAMP
-> field is very close to 100%, the partition is
- possibly nearly full. However, server machine partitions are usually very large and can still have enough space for an
- average file when nearly full. You can either ask your system administrator about the partition's status, or issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> command. The final line in its output reports how many kilobyte blocks are
- still available on the partition. For complete instructions, see <A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
->.
- <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs examine</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>
-</PRE
-></P
-><P
->If there is enough free space on the partition but you still cannot save the file, ask your system administrator
- for help in investigating further possible causes of your problem.</P
-></LI
-></UL
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ78"
->Problem: Accidentally Removed Your Entry from an ACL</A
-></H1
-><P
-> </P
-><OL
-TYPE="1"
-><LI
-><P
->If you own the directory from which you have accidentally removed your ACL entry, then you actually still have the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->) permission even if it does not appear on
- the ACL. You normally own your home directory and all of its subdirectories, for instance. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to grant yourself all other permissions. For complete instructions, see <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl -dir</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->directory</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-acl <</B
-></SPAN
-><VAR
-CLASS="replaceable"
->your_username</VAR
->> <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all</B
-></SPAN
->
-</PRE
-></P
-><P
->For <VAR
-CLASS="replaceable"
->directory</VAR
->, provide the complete pathname to the directory (for example, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com/usr/</B
-></SPAN
-><VAR
-CLASS="replaceable"
->your_username</VAR
->). This is necessary because AFS cannot
- interpret pathname abbreviations if you do not have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->) permission.</P
-></LI
-><LI
-><P
->If you do not own the directory, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> to check if any remaining
- entries grant you the permissions you need (perhaps you belong to one or more groups that appear on the ACL). For complete
- instructions, see <A
-HREF="c1444.html#HDRWQ53"
->To display an ACL</A
->. <PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs listacl</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->>
-</PRE
-></P
-><UL
-><LI
-><P
->The following message displays the directory's ACL. If you need permissions that no entry currently grants you,
- ask the directory's owner or your system administrator for help. <PRE
-CLASS="programlisting"
-> Access list for <<VAR
-CLASS="replaceable"
->dir/file path</VAR
->> is
- Normal rights
- <VAR
-CLASS="replaceable"
->list of entries</VAR
->
-</PRE
-></P
-></LI
-><LI
-><P
->If the command returns the following error message instead of an ACL, then you do not have the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permission. <PRE
-CLASS="programlisting"
-> fs: You don't have the required access rights on '<VAR
-CLASS="replaceable"
->dir/file path</VAR
->'
-</PRE
-></P
-><P
->Ask the directory's owner or your system administrator to grant you the permissions you need. If they add you to a
- group that has the required permissions, you must issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to
- reauthenticate before you can exercise them.</P
-></LI
-></UL
-></LI
-></OL
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ79"
->Error Message: "afs: Lost contact with fileserver"</A
-></H1
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command to check the status of file server machines. For
- complete instructions, see <A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server Machines</A
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers &</B
-></SPAN
->
-</PRE
-><UL
-><LI
-><P
->If the following message appears, ask your system administrator for assistance in diagnosing the cause of the
- <SAMP
-CLASS="computeroutput"
->Lost contact</SAMP
-> error message. <PRE
-CLASS="programlisting"
-> All servers are running.
-</PRE
-></P
-></LI
-><LI
-><P
->Output like the following indicates that your Cache Manager cannot reach the indicated file server machines. You must
- wait until they are again accessible before continuing to work with the files that are stored on them. <PRE
-CLASS="programlisting"
-> These servers unavailable due to network or server problem:
- <VAR
-CLASS="replaceable"
->list_of_machines</VAR
->.
-</PRE
-></P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_155"
->Error Message: "<VAR
-CLASS="replaceable"
->command</VAR
->: Connection timed out"</A
-></H1
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs checkservers</B
-></SPAN
-> command as described in <A
-HREF="c3402.html#HDRWQ79"
->Error Message:
- afs: Lost contact with fileserver</A
->. </P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_156"
->Error Message: "fs: You don't have the required access rights on '<VAR
-CLASS="replaceable"
->file</VAR
->'"</A
-></H1
-><P
->You do not have the ACL permissions you need to perform the operation you are attempting. If you own the directory and
- have accidentally removed yourself from the ACL, see <A
-HREF="c3402.html#HDRWQ78"
->Problem: Accidentally Removed Your Entry from an
- ACL</A
->. Otherwise, ask the directory's owner or your system administrator to grant you the appropriate permissions.
- </P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="Header_157"
->Error Message: "afs: failed to store file"</A
-></H1
-><P
->Follow the instructions in <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c2454.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="a3632.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Using Groups</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Using the NFS/AFS Translator</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Using AFS</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="An Introduction to AFS"
-HREF="c113.html"><LINK
-REL="NEXT"
-TITLE="Displaying Information about AFS"
-HREF="c1095.html"></HEAD
-><BODY
-CLASS="chapter"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="c113.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c1095.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="chapter"
-><H1
-><A
-NAME="HDRWQ20"
-></A
->Chapter 2. Using AFS</H1
-><P
->This chapter explains how to perform four basic AFS tasks: logging in and authenticating with AFS, ending an AFS session,
- accessing the AFS filespace, and changing your password.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ21"
->Logging in and Authenticating with AFS</A
-></H1
-><P
->To access the AFS filespace as an authenticated user, you must both log into an AFS client machine's local (UNIX) file
- system and authenticate with AFS. When you log in, you establish your local system identity. When you authenticate, you prove
- your identity to AFS and obtain a token, which your Cache Manager uses to prove your authenticated status to the AFS server
- processes it contacts on your behalf. Users who are not authenticated (who do not have a token) have limited access to AFS
- directories and files.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ22"
->Logging In</A
-></H2
-><P
->On machines that use an AFS-modified login utility, you log in and authenticate in one step. On machines that do not use
- an AFS-modified login utility, you log in and authenticate in separate steps. To determine which type of login utility your
- machine uses, you can check for AFS tokens after logging in, or ask your system administrator, who can also tell you about any
- differences between your login procedure and the two methods described here.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_33"
->To Log In Using an AFS-modified Login Utility</A
-></H2
-><P
->Provide your username at the <SAMP
-CLASS="computeroutput"
->login:</SAMP
-> prompt that appears when you establish a new
- connection to a machine. Then provide your password at the <SAMP
-CLASS="computeroutput"
->Password:</SAMP
-> prompt as shown in the
- following example. (Your password does not echo visibly on the screen.)</P
-><PRE
-CLASS="programlisting"
-> login: <VAR
-CLASS="replaceable"
->username</VAR
->
- Password: <VAR
-CLASS="replaceable"
->password</VAR
->
-</PRE
-><P
->If you are not sure which type of login utility is running on your machine, it is best to issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command to check if you are authenticated; for instructions, see <A
-HREF="c569.html#HDRWQ30"
->To
- Display Your Tokens</A
->. If you do not have tokens, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command as described in
- <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ23"
->To Log In Using a Two-Step Login Procedure</A
-></H2
-><P
->If your machine does not use an AFS-modified login utility, you must perform a two-step procedure:
-
- <OL
-TYPE="1"
-><LI
-><P
->Log in to your client machine's local file system by providing a user name and password at the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->login</B
-></SPAN
-> program's prompts.</P
-></LI
-><LI
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate with AFS. Include the command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-> argument to associate your token with a special identification number called a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->PAG</I
-></SPAN
-> (for <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->process authentication group</I
-></SPAN
->). For a description of PAGs, see <A
-HREF="c569.html#HDRWQ25"
->Protecting Your Tokens with a PAG</A
->. <PRE
-CLASS="programlisting"
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog -setpag</B
-></SPAN
->
- Password: <VAR
-CLASS="replaceable"
->your_AFS_password</VAR
->
-</PRE
-></P
-></LI
-></OL
->
-</P
-><DIV
-CLASS="note"
-><BLOCKQUOTE
-CLASS="note"
-><P
-><B
->Note: </B
->If your machine uses a two-step login procedure, you can choose to use different passwords for logging in and
- authenticating. It is simplest to use the same one for both, though. Talk with your system administrator.</P
-></BLOCKQUOTE
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ24"
->Authenticating with AFS</A
-></H2
-><P
->To work most effectively in the AFS filespace, you must authenticate with AFS. When you do, your Cache Manager is given
- a token as proof of your authenticated status. It uses your token when requesting services from AFS servers, which accept the
- token as proof of your authenticated status. If you do not have a token, AFS servers consider you to be the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user and your access to AFS filespace is limited: you have only the ACL permissions granted
- to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group. </P
-><P
->You can obtain new tokens (reauthenticate) at any time, even after using an AFS-modified login utility, which logs you
- in and authenticates you in one step. Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command as described in <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->.</P
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ25"
->Protecting Your Tokens with a PAG</A
-></H3
-><P
->To make your access to AFS as secure as possible, it is best to associate your tokens with a unique identification
- number called a <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->PAG</I
-></SPAN
-> (for <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->process authentication group</I
-></SPAN
->).
- AFS-modified login utilities automatically create a PAG and associate the new
- token with it. To create a PAG when you use the two-step login procedure, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-> flag. If you do not use this flag, your tokens are associated with your
- UNIX UID number instead. This type of association has two potential drawbacks:
-
- <UL
-><LI
-><P
->Anyone who can assume your local UNIX identity can use your tokens. The local superuser <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> can always use the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->su</B
-></SPAN
-> command to assume your UNIX UID,
- even without knowing your password.</P
-></LI
-><LI
-><P
->In some environments, certain programs cannot use your tokens even when it is appropriate for them to do so. For
- example, printing commands such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lp</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lpr</B
-></SPAN
-> possibly
- cannot access the files you want to print, because they cannot use your tokens.</P
-></LI
-></UL
->
-</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ26"
->Obtaining Tokens For Foreign Cells</A
-></H3
-><P
->A token is valid only in one cell (the cell whose AFS authentication service issued it). The AFS server processes in
- any other cell consider you to be the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> user unless you have an account in the cell
- and authenticate with its AFS authentication service.</P
-><P
->To obtain tokens in a foreign cell, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument to the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command. You can have tokens for your home cell and one or more foreign cells at the same
- time.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ27"
->The One-Token-Per-Cell Rule</A
-></H3
-><P
->You can have only one token per cell for each PAG you have obtained on a client machine. If you already have a token
- for a particular cell and issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command, the new token overwrites the existing
- one. Getting a new token is useful if your current token is almost expired but you want to continue accessing AFS files. For
- a discussion of token expiration, see <A
-HREF="c569.html#HDRWQ28"
->Token Lifetime</A
->.</P
-><P
->To obtain a second token for the same cell, you must either login on a different machine or establish another separate
- connection to the machine where you already have a token (by using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->telnet</B
-></SPAN
-> utility, for
- example). You get a new PAG for each separate machine or connection, and can use the associated tokens only while working on
- that machine or connection.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_39"
->Obtaining Tokens as Another User</A
-></H3
-><P
->You can authenticate as another username if you know the associated password. (It is, of course, unethical to use
- someone else's tokens without permission.) If you use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command to authenticate as
- another AFS username, you retain your own local (UNIX) identity, but the AFS server processes recognize you as the other
- user. The new token replaces any token you already have for the relevant cell (for the reason described in <A
-HREF="c569.html#HDRWQ27"
->The One-Token-Per-Cell Rule</A
->).</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="HDRWQ28"
->Token Lifetime</A
-></H3
-><P
->Tokens have a limited lifetime. To determine when your tokens expire, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command as described in <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->. If you are ever
- unable to access AFS in a way that you normally can, issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command tells you
- whether an expired token is a possible reason.</P
-><P
->Your cell's administrators set the default lifetime of your token. The AFS authentication service never grants a token
- lifetime longer than the default, but you can request a token with a shorter lifetime. See the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> reference page in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> to learn how to use
- its <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-lifetime</B
-></SPAN
-> argument for this purpose.</P
-></DIV
-><DIV
-CLASS="sect3"
-><H3
-CLASS="sect3"
-><A
-NAME="Header_41"
->Authenticating for DFS Access</A
-></H3
-><P
->If your machine is configured to access a DCE cell's DFS filespace by means of the AFS/DFS Migration Toolkit, you can
- use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dlog</B
-></SPAN
-> command to authenticate with DCE. The <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dlog</B
-></SPAN
->
- command has no effect on your ability to access AFS filespace.</P
-><P
->If your system administrator has converted your AFS account to a DCE account and you are not sure of your DCE
- password, use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dpass</B
-></SPAN
-> command to display it. You must be authenticated as the AFS user
- whose AFS account was converted to a DCE account, and be able to provide the correct AFS password. Like the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dlog</B
-></SPAN
-> command, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dpass</B
-></SPAN
-> command has no functionality with respect to
- AFS.</P
-><P
->For more information on using the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dlog</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->dpass</B
-></SPAN
->
- commands, see your system administrator.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ29"
->To Authenticate with AFS</A
-></H2
-><P
->If your machine is not using an AFS-modified login utility, you must authenticate after login by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command. You can also issue this command at any time to obtain a token with a later expiration
- date than your current token.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
->] [<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell name</VAR
->>]
- Password: <VAR
-CLASS="replaceable"
->your_AFS_password</VAR
->
-</PRE
-><P
->where
-
- <DIV
-CLASS="variablelist"
-><DL
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-setpag</B
-></SPAN
-></DT
-><DD
-><P
->Associates the resulting tokens with a PAG (see <A
-HREF="c569.html#HDRWQ25"
->Protecting Your Tokens with a PAG</A
->).
- Include this flag the first time you obtain a token for a particular cell during a login session or connection. Do not
- include it when refreshing the token for a cell during the same session.</P
-></DD
-><DT
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-></DT
-><DD
-><P
->Names the cell for which to obtain the token. You must have an account in the cell.</P
-></DD
-></DL
-></DIV
->
-</P
-><P
->Your password does not echo visibly appear on the screen. When the command shell prompt returns, you are an
- authenticated AFS user. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command to verify that you are authenticated,
- as described in the following section.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ30"
->To Display Your Tokens</A
-></H2
-><P
->Use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command to display your tokens.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
-</PRE
-><P
->The following output indicates that you have no tokens:</P
-><PRE
-CLASS="programlisting"
-> Tokens held by the Cache Manager:
- --End of list--
-</PRE
-><P
->If you have one or more tokens, the output looks something like the following example, in which the tokens for AFS UID
- 1022 in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> cell expire on August 3 at 2:35 p.m. The tokens for AFS UID 9554 in the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
-> cell expire on August 4 at 1:02 a.m.</P
-><PRE
-CLASS="programlisting"
-> Tokens held by the Cache Manager:
- User's (AFS ID 1022) tokens for afs@abc.com [Expires Aug 3 14:35]
- User's (AFS ID 9554) tokens for afs@stateu.edu [Expires Aug 4 1:02]
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_44"
->Example: Authenticating in the Local Cell</A
-></H2
-><P
->Suppose that user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> cannot save a file. He uses the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command and finds that his tokens have expired. He reauthenticates in his local cell under his
- current identity by issuing the following command:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
->
- Password: <VAR
-CLASS="replaceable"
->terry's_password</VAR
->
-</PRE
-><P
->The he issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command to make sure he is authenticated.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 4562) tokens for afs@abc.com [Expires Jun 22 14:35]
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_45"
->Example: Authenticating as a Another User</A
-></H2
-><P
->Now <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> authenticates in his local cell as another user, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->. The new token replaces <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
->'s existing token, because the Cache
- Manager can store only one token per cell per login session on a machine.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog pat</B
-></SPAN
->
- Password: <VAR
-CLASS="replaceable"
->pat's_password</VAR
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 4278) tokens for afs@abc.com [Expires Jun 23 9:46]
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_46"
->Example: Authenticating in a Foreign Cell</A
-></H2
-><P
->Now <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> authenticates in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
-> cell where
- his account is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ts09</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog ts09 -cell stateu.edu</B
-></SPAN
->
- Password: <VAR
-CLASS="replaceable"
->ts09's_password</VAR
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 4562) tokens for afs@abc.com [Expires Jun 22 14:35]
- User's (AFS ID 8346) tokens for afs@stateu.edu [Expires Jun 23 1:02]
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ31"
->Limits on Failed Authentication Attempts</A
-></H2
-><P
->Your system administrator can choose to limit the number of times that you fail to provide the correct password when
- authenticating with AFS (using either an AFS-modified login utility or the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command). If
- you exceed the limit, the AFS authentication service refuses further authentication attempts for a period of time set by your
- system administrator. The purpose of this limit is to prevent unauthorized users from breaking into your account by trying a
- series of passwords.</P
-><P
->To determine if your user account is subject to this limit, ask your system administrator or issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command as described in <A
-HREF="c569.html#HDRWQ32"
->To Display Your Failed Authentication Limit
- and Lockout Time</A
->.</P
-><P
->The following message indicates that you have exceeded the limit on failed authentication attempts.</P
-><PRE
-CLASS="programlisting"
-> Unable to authenticate to AFS because ID is locked - see your system admin
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ32"
->To Display Your Failed Authentication Limit and Lockout Time</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to determine if there is a limit on the number of
- unsuccessful authentication attempts for your user account and any associated lockout time. You can examine only your own
- account. The fourth line of the output reports the maximum number of times you can provide an incorrect password before being
- locked out of your account. The <SAMP
-CLASS="computeroutput"
->lock time</SAMP
-> field on the next line reports how long the AFS
- authentication service refuses authentication attempts after the limit is exceeded.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> <VAR
-CLASS="replaceable"
->your_username</VAR
->
- Password for <VAR
-CLASS="replaceable"
->your_username</VAR
->: <VAR
-CLASS="replaceable"
->your_AFS_password</VAR
->
-</PRE
-><P
->The following example displays the output for the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->, who is allowed nine failed
- authentication attempts. The lockout time is 25.5 minutes.</P
-><PRE
-CLASS="programlisting"
-> User data for pat
- key (15) cksum is 3414844392, last cpw: Thu Oct 21 16:05:44 1999
- password will expire: Fri Nov 26 20:44:36 1999
- 9 consecutive unsuccessful authentications are permitted.
- The lock time for this user is 25.5 minutes.
- User is not locked.
- entry never expires. Max ticket lifetime 100.00 hours.
- last mod on Wed Aug 18 08:22:29 1999 by admin
- permit password reuse
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ33"
->Exiting an AFS Session</A
-></H1
-><P
->Because logging in and authenticating with AFS are distinct operations, you must both logout and unauthenticate (issue the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to discard your tokens) when exiting an AFS session. Simply logging out does not
- necessarily destroy your tokens.</P
-><P
->You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command any time you want to unauthenticate, not just when logging
- out. For instance, it is a good practice to unauthenticate before leaving your machine unattended, to prevent other users from
- using your tokens during your absence. When you return to your machine, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command
- to reauthenticate, as described in <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->.</P
-><P
->Do not issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command when you are running jobs that take a long time to
- complete, even if you are logging out. Such processes must have a token during the entire time they need authenticated access to
- AFS.</P
-><P
->If you have tokens from multiple cells and want to discard only some of them, include the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command's <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_50"
->To Discard Tokens</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog</B
-></SPAN
-> command to discard your tokens:</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog -cell</B
-></SPAN
-> <<VAR
-CLASS="replaceable"
->cell name</VAR
->><SUP
->+</SUP
->
-</PRE
-><P
->Omit the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
-> argument to discard all of your tokens, or use it to name each cell for
- which to discard tokens. It is best to provide the full name of each cell (such as <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
->
- or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
->).</P
-><P
->You can issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
-> command to verify that your tokens were destroyed, as in the
- following example.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_51"
->Example: Unauthenticating from a Specific Cell</A
-></H2
-><P
->In the following example, a user has tokens in both the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->accounting</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->marketing</B
-></SPAN
-> cells at her company. She discards the token for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->acctg.abc.com</B
-></SPAN
-> cell but keeps the token for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->mktg.abc.com</B
-></SPAN
->
- cell.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 35) tokens for afs@acctg.abc.com [Expires Nov 10 22:30]
- User's (AFS ID 674) tokens for afs@mktg.abc.com [Expires Nov 10 18:44]
- --End of list--
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->unlog -cell acctg.abc.com</B
-></SPAN
->
- % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->tokens</B
-></SPAN
->
- Tokens held by the Cache Manager:
- User's (AFS ID 674) tokens for afs@mktg.abc.com [Expires Nov 10 18:44]
- --End of list--
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_52"
->To Log Out</A
-></H2
-><P
->After you have unauthenticated, log out by issuing the command appropriate for your machine type, which is possibly one
- of the following.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->logout</B
-></SPAN
->
-</PRE
-><P
->or</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->exit</B
-></SPAN
->
-</PRE
-><P
->or</P
-><PRE
-CLASS="programlisting"
-> % <<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Ctrl-d</B
-></SPAN
->>
-</PRE
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ34"
->Accessing the AFS Filespace</A
-></H1
-><P
->While you are logged in and authenticated, you can access files in AFS just as you do in the UNIX file system. The only
- difference is that you can access potentially many more files. Just as in the UNIX file system, you can only access those files
- for which you have permission. AFS uses access control lists (ACLs) to control access, as described in <A
-HREF="c1444.html"
->Protecting Your Directories and Files</A
->.</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_54"
->AFS Pathnames</A
-></H2
-><P
->AFS pathnames look very similar to UNIX file system names. The main difference is that every AFS pathname begins with
- the AFS root directory, which is called <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> by convention. Having <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> at the top of every AFS cell's filespace links together their filespaces into a global filespace.
- </P
-><P
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Note for Windows users:</B
-></SPAN
-> Windows uses a backslash (Â <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->\</B
-></SPAN
->Â ) rather than a forward slash (Â <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/</B
-></SPAN
->Â ) to separate the
- elements in a pathname. Otherwise, your access to AFS filespace is much the same as for users working on UNIX machines.</P
-><P
->The second element in AFS pathnames is generally a cell's name. For example, the ABC Corporation cell is called
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> and the pathname of every file in its filespace begins with the string <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs/abc.com</B
-></SPAN
->. Some cells also create a directory at the second level with a shortened name (such as
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc</B
-></SPAN
-> for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->abc.com</B
-></SPAN
-> or <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu</B
-></SPAN
->
- for <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->stateu.edu</B
-></SPAN
->), to reduce the amount of typing necessary. Your system administrator can tell
- you if your cell's filespace includes shortened names like this. The rest of the pathname depends on how the cell's
- administrators organized its filespace.</P
-><P
->To access directories and files in AFS you must both specify the correct pathname and have the required permissions on
- the ACL that protects the directory and the files in it.</P
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_55"
->Example: Displaying the Contents of Another User's Directory</A
-></H2
-><P
->The user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->terry</B
-></SPAN
-> wants to look for a file belonging to another user, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->. He issues the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> command on the appropriate pathname.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls /afs/abc.com/usr/pat/public</B
-></SPAN
->
- doc/ directions/
- guide/ jokes/
- library/
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ35"
->Accessing Foreign Cells</A
-></H2
-><P
->You can access files not only in your own cell, but in any AFS cell that you can reach via the network, regardless of
- geographical location. There are two additional requirements:
-
- <UL
-><LI
-><P
->Your Cache Manager's list of foreign cells must include the cell you want to access. Only the local superuser
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
-> can edit the list of cells, but anyone can display it. See <A
-HREF="c1095.html#HDRWQ42"
->Determining Access to Foreign Cells</A
->.</P
-></LI
-><LI
-><P
->The ACL on the directory that houses the file, and on every parent directory in the pathname, must grant you the
- necessary permissions. The simplest way for the directory's owner to extend permission to foreign users is to put an entry
- for the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->system:anyuser</B
-></SPAN
-> group on the ACL.</P
-><P
->The alternative is for the foreign cell's administrator to create an account for you, essentially making you a local
- user in the cell. The directory's owner creates an ACL entry for you as for any other local user. To authenticate in the
- foreign cell, issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->-cell</B
-></SPAN
->
- argument.</P
-></LI
-></UL
->
-</P
-><P
->For further discussion of directory and file protection, see <A
-HREF="c1444.html"
->Protecting Your Directories and
- Files</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRWQ36"
->Changing Your Password</A
-></H1
-><P
->In cells that use an AFS-modified login utility, the password is the same for both logging in and authenticating with AFS.
- In this case, you use a single command, <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
->, to change the password.</P
-><P
->If your machine does not use an AFS-modified login utility, there are separate passwords for logging into the local file
- system and authenticating with AFS. (The two passwords can be the same or different, at your discretion.) In this case, use the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command to change your AFS password and the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> command to change your UNIX password.</P
-><P
->Your system administrator can improve cell security by configuring several features that guide your choice of password.
- Keep them in mind when you issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command:
-
- <UL
-><LI
-><P
->Limiting the amount of time your password is valid. This improves your cell's security by limiting the amount of time
- an unauthorized user has to try to guess your password. Your system administrator needs to tell you when your password is
- due to expire so that you can change it in time. The administrator can configure the AFS-modified login utility to report
- this information automatically each time you log in. You can also use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
->
- command to display the password expiration date, as instructed in <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration
- Date and Reuse Policy</A
->.</P
-><P
->You can change your password prior to the expiration date, but your system administrator can choose to set a minimum
- time between password changes. The following message indicates that the minimum time has not yet passed.</P
-><PRE
-CLASS="programlisting"
-> kpasswd: password was not changed because you changed it too
- recently; see your system administrator
-</PRE
-></LI
-><LI
-><P
->Enforcing password quality standards, such as a minimum length or inclusion of nonalphabetic characters. The
- administrator needs to tell you about such requirements so that you do not waste time picking unacceptable passwords.</P
-></LI
-><LI
-><P
->Rejecting a password that is too similar to the last 20 passwords you used. You can use the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas
- examine</B
-></SPAN
-> command to check whether this policy applies to you, as instructed in <A
-HREF="c569.html#HDRWQ37"
->To Display
- Password Expiration Date and Reuse Policy</A
->. The following message indicates that the password you have chosen is too
- similar to a previous password. <PRE
-CLASS="programlisting"
-> kpasswd: Password was not changed because it seems like a reused password
-</PRE
-></P
-></LI
-></UL
->
-</P
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> command to display your password expiration date and reuse
- policy. You can examine only your own account. The third line of the output reports your password's expiration date. The last
- line reports the password reuse policy that applies to you.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kas examine</B
-></SPAN
-> <VAR
-CLASS="replaceable"
->your_username</VAR
->
- Password for <VAR
-CLASS="replaceable"
->your_username</VAR
->: <VAR
-CLASS="replaceable"
->your_AFS_password</VAR
->
-</PRE
-><P
->The following example displays the output for the user <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->pat</B
-></SPAN
->.</P
-><PRE
-CLASS="programlisting"
-> User data for pat
- key (15) cksum is 3414844392, last cpw: Thu Oct 21 16:05:44 1999
- password will expire: Fri Nov 26 20:44:36 1999
- 9 consecutive unsuccessful authentications are permitted.
- The lock time for this user is 25.5 minutes.
- User is not locked.
- entry never expires. Max ticket lifetime 100.00 hours.
- last mod on Wed Aug 18 08:22:29 1999 by admin
- don't permit password reuse
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_59"
->To Change Your AFS Password</A
-></H2
-><P
->Issue the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
-> command, which prompts you to provide your old and new passwords and
- to confirm the new password. The passwords do not echo visibly on the screen.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->kpasswd</B
-></SPAN
->
- Old password: <VAR
-CLASS="replaceable"
->current_password</VAR
->
- New password (RETURN to abort): <VAR
-CLASS="replaceable"
->new_password</VAR
->
- Retype new password: <VAR
-CLASS="replaceable"
->new_password</VAR
->
-</PRE
-></DIV
-><DIV
-CLASS="sect2"
-><H2
-CLASS="sect2"
-><A
-NAME="Header_60"
->To Change Your UNIX Password</A
-></H2
-><P
-> Issue the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
-> command, which prompts you to provide your old and new passwords and to confirm the new
- password. The passwords do not echo visibly on the screen. On many machines, the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
->
- resides in the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/bin</B
-></SPAN
-> directory, and you possibly need to type the complete pathname.</P
-><PRE
-CLASS="programlisting"
-> % <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->passwd</B
-></SPAN
->
- Changing password for <VAR
-CLASS="replaceable"
->username</VAR
->.
- Old password: <VAR
-CLASS="replaceable"
->current_password</VAR
->
- New password: <VAR
-CLASS="replaceable"
->new_password</VAR
->
- Retype new passwd: <VAR
-CLASS="replaceable"
->new_password</VAR
->
-</PRE
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="c113.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c1095.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->An Introduction to AFS</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Displaying Information about AFS</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->About This Guide</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="NEXT"
-TITLE="An Introduction to AFS"
-HREF="c113.html"></HEAD
-><BODY
-CLASS="preface"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="book1.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="c113.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="preface"
-><H1
-><A
-NAME="HDRWQ1"
-></A
->About This Guide</H1
-><P
->This section describes the purpose, organization, and conventions of this document.</P
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRPREFAUDPUR"
->Audience and Purpose</A
-></H1
-><P
->This guide describes concepts and procedures for accessing information stored in the AFS filespace. It is intended for AFS
- users who are familiar with UNIX but not necessarily AFS.</P
-><P
->The first chapter describes basic AFS concepts and guidelines for using it, and summarizes some of the differences between
- the UNIX file system and AFS. The remaining chapters explain how to perform basic AFS functions, including logging in, changing
- a password, listing information, protecting files, creating groups, and troubleshooting. Concepts important to a specific task
- or group of related tasks are presented in context, just prior to the procedures. Many examples are provided.</P
-><P
->Instructions generally include only the commands and command options necessary for a specific task. For a complete list of
- AFS commands and description of all options available on every command, see the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration
- Reference</I
-></SPAN
->.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRPREFORGAN"
->Document Organization</A
-></H1
-><P
->This document is divided into the following chapters.</P
-><P
-><A
-HREF="c113.html"
->An Introduction to AFS</A
-> introduces the basic concepts and functions of AFS. To use AFS
- successfully, it is important to be familiar with the terms and concepts described in this chapter.</P
-><P
-><A
-HREF="c569.html"
->Using AFS</A
-> describes how to use AFS's basic features: how to log in and authenticate, unlog,
- log out, access AFS files and directories in AFS, and change your password.</P
-><P
-><A
-HREF="c1095.html"
->Displaying Information about AFS</A
-> describes how to display information about AFS volume
- quota and location, file server machine status, and the foreign cells you can access.</P
-><P
-><A
-HREF="c1444.html"
->Protecting Your Directories and Files</A
-> describes how to protect your data using AFS access
- control lists (ACLs).</P
-><P
-><A
-HREF="c2454.html"
->Using Groups</A
-> describes how to create and manage groups.</P
-><P
-><A
-HREF="c3402.html"
->Troubleshooting</A
-> outlines step-by-step diagnostic and corrective steps for specific
- problems.</P
-><P
-><A
-HREF="a3632.html"
->Appendix A, Using the NFS/AFS Translator</A
-> describes how to use the NFS/AFS Translator to
- access the AFS filespace from an NFS client machine.</P
-><P
-><A
-HREF="a3812.html"
->Appendix B, AFS Command Syntax and Online Help</A
-> describes AFS command syntax and how to
- obtain online information about commands.</P
-><P
-><A
-HREF="g4153.html"
->Appendix C, Glossary</A
-> defines terms used in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS User
- Guide</I
-></SPAN
->.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRUSERFRONTHOWTO"
->How To Use This Document</A
-></H1
-><P
->Before you begin using AFS, read <A
-HREF="c113.html"
->An Introduction to AFS</A
->. Next, follow the procedures
- outlined in <A
-HREF="c569.html"
->Using AFS</A
-> to get started using AFS as an authenticated user. It describes how to
- access files in the AFS filespace and how to end an AFS session. Consult the other chapters as you need to perform the tasks
- they describe.</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRPREFRELATE"
->Related Documents</A
-></H1
-><P
->The AFS Documentation Kit also includes the following documents:
-
- <UL
-><LI
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Reference</I
-></SPAN
-> details the syntax of each AFS command and is intended for
- the experienced AFS administrator, programmer, or user. For each AFS command, the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration
- Reference</I
-></SPAN
-> lists the command syntax, aliases and abbreviations, description, arguments, warnings, output,
- examples, and related topics. Commands are organized alphabetically.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Administration Guide</I
-></SPAN
-> describes concepts and procedures necessary for administering an
- AFS cell, as well as more extensive coverage of the topics in the <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS User Guide</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->The <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->IBM AFS Quick Beginnings</I
-></SPAN
-> provides instructions for installing AFS server and client
- machines.</P
-></LI
-></UL
->
-</P
-></DIV
-><DIV
-CLASS="sect1"
-><H1
-CLASS="sect1"
-><A
-NAME="HDRTYPO_CONV"
->Typographical Conventions</A
-></H1
-><P
->This document uses the following typographical conventions:
-
- <UL
-><LI
-><P
->Command and option names appear in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bold type</B
-></SPAN
-> in syntax definitions, examples, and
- running text. Names of directories, files, machines, partitions, volumes, and users also appear in <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->bold type</B
-></SPAN
->.</P
-></LI
-><LI
-><P
->Variable information appears in <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->italic type</I
-></SPAN
->. This includes user-supplied information on command
- lines and the parts of prompts that differ depending on who issues the command. New terms also appear in <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->italic
- type</I
-></SPAN
->.</P
-></LI
-><LI
-><P
->Examples of screen output and file contents appear in <SAMP
-CLASS="computeroutput"
->monospace type</SAMP
->.</P
-></LI
-></UL
->
-</P
-><P
->In addition, the following symbols appear in command syntax definitions, both in the documentation and in AFS online help
- statements. When issuing a command, do not type these symbols.
-
- <UL
-><LI
-><P
->Square brackets <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->[ ]</B
-></SPAN
-> surround optional items.</P
-></LI
-><LI
-><P
->Angle brackets <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->< ></B
-></SPAN
-> surround user-supplied values in AFS commands.</P
-></LI
-><LI
-><P
->A superscripted plus sign <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->+</B
-></SPAN
-> follows an argument that accepts more than one
- value.</P
-></LI
-><LI
-><P
->The percent sign <SAMP
-CLASS="computeroutput"
->%</SAMP
-> represents the regular command shell prompt. Some operating
- systems possibly use a different character for this prompt.</P
-></LI
-><LI
-><P
->The number sign <SAMP
-CLASS="computeroutput"
->#</SAMP
-> represents the command shell prompt for the local superuser
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->root</B
-></SPAN
->. Some operating systems possibly use a different character for this prompt.</P
-></LI
-><LI
-><P
->The pipe symbol <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->|</B
-></SPAN
-> in a command syntax statement separates mutually exclusive values
- for an argument.</P
-></LI
-></UL
->
-</P
-><P
->For additional information on AFS commands, including a description of command string components, acceptable abbreviations
- and aliases, and how to get online help for commands, see <A
-HREF="a3812.html"
->Appendix B, AFS Command Syntax and Online
- Help</A
->.</P
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="c113.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->AFS User Guide</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->An Introduction to AFS</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Glossary</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="AFS Command Syntax and Online Help"
-HREF="a3812.html"><LINK
-REL="NEXT"
-TITLE="Index"
-HREF="i4608.html"></HEAD
-><BODY
-CLASS="glossary"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="a3812.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-><A
-HREF="i4608.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="GLOSSARY"
-><H1
-><A
-NAME="HDRWQ90"
-></A
->Glossary</H1
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4155"
->A</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a (administer) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The ACL permission that allows the possessor to change the entries on the ACL .</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a Privacy Flag</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The fourth privacy flag on a group, which enables the possessor to add members to it.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Access Control List (ACL)</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A list associated with an AFS directory that specifies what actions a user or group can perform on the directory and
- the files in it. There are seven access permissions: <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->administer</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->delete</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->insert</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lock</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lookup</B
-></SPAN
->), <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read</B
-></SPAN
->), and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w</B
-></SPAN
-> (<SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write</B
-></SPAN
->).</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ACL Entry</B
-></SPAN
-></B
-></DT
-><DD
-><P
->An entry on an ACL that pairs a user or group with specific access permissions.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Alias</B
-></SPAN
-></B
-></DT
-><DD
-><P
->An alternative name for an AFS command.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->all ACL Shorthand</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A shorthand notation used with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to represent all seven
- permissions.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Anonymous</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The identity assigned to a user who does not have a valid token for the local cell.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Argument</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The portion of a command that names an entity to be affected by the command. Arguments consist of two parts: a
- <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->switch</I
-></SPAN
-> and one or more <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->instances</I
-></SPAN
->. Some AFS commands take one or more
- arguments.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Authenticate</B
-></SPAN
-></B
-></DT
-><DD
-><P
->To become recognized as a valid AFS user by providing the correct password. Authenticate by logging onto a machine
- that uses an AFS-modified login utility or by issuing the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->klog</B
-></SPAN
-> command. Only authenticated
- users can perform most AFS actions.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4220"
->B</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Byte, kilobyte</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A unit of measure used to measure usage of space in a volume or on a partition. A kilobyte block is equal to 1024
- bytes.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4227"
->C</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Cache Manager</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A set of modifications to the operating system on a client machine which enables users on the machine to access files
- stored in AFS. The Cache Manager requests files from the File Server and stores (<SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->caches</I
-></SPAN
->) a copy of each
- file on the client machine's local disk. Application programs then use the cached copy, which eliminates repeated network
- requests to file server machines.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Cached File</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A copy of a file that the Cache Manager stores on a workstation's local disk.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Callback</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A promise from the File Server to contact the Cache Manager if the centrally stored copy of the file changes while the
- Cache Manager has a cached copy. If the file is altered, the File Server <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->breaks</I
-></SPAN
-> the callback. The next
- time an application program asks for data from the file, the Cache Manager notices the broken callback and retrieves an
- updated copy of the file from the File Server. Callbacks ensure the user is working with the most recent copy of a
- file.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Cell</B
-></SPAN
-></B
-></DT
-><DD
-><P
->An independently administered site running AFS, consisting of a collection of file server machines and client machines
- defined to belong to the cell. A machine can belong to only one cell at a time.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Client Machines</B
-></SPAN
-></B
-></DT
-><DD
-><P
->Computers that perform computations for users. Users normally work on a client machine, accessing files stored on a
- file server machine.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Client/Server Computing</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A computing system in which two types of computers (client machines and server machines) perform different specialized
- functions.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Command</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A string of characters indicating an action for an AFS server to perform. For a description of AFS command syntax, see
- <A
-HREF="a3812.html"
->Appendix B, AFS Command Syntax and Online Help</A
->.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Command Suite</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A group of AFS commands with related functions. The command suite name is the first word in many AFS commands.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Complete Pathname</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A full specification of a file's location in AFS, starting at the root of the filespace (by convention mounted at the
- <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->/afs</B
-></SPAN
-> directory) and specifying all the directories the Cache Manager must pass through to
- access the file. The names of the directories are separated by slashes.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4278"
->D</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->d (delete) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The ACL permission that enables the possessor to remove elements from a directory.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Directory</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A logical structure containing a collection of files and other directories.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Distributed File System</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A file system that joins the file systems of individual machines. Files are stored on different machines in the
- network but are accessible from all machines.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4295"
->F</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->File</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A collection of information stored and retrieved as a unit.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->File Server Machine</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A type of machine that stores files and transfers them to client machines on request.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Flag</B
-></SPAN
-></B
-></DT
-><DD
-><P
->Part of a command that determines how the command executes, or the type of output it produces.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Foreign Cell</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A cell other than the cell to which the client machine belongs. If the client machine is appropriately configured,
- users can access the AFS filespace in foreign cells as well as the local cell, and can authenticate in foreign cells in
- which they have AFS accounts.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4317"
->G</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A defined list of users, which can be placed on a directory's ACL to extend a set of permissions to all of its members
- at once.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Group-owned Group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A group owned by another group. All members of the owning group can administer the owned group; the members of the
- owned group do not have administer permissions themselves.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4329"
->H</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Hierarchical File Structure</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A method of storing data in directories that are organized in a tree structure.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Home Directory</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A directory owned by a user and dedicated to storage of the user's personal files.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4341"
->I</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->i (insert) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The ACL permission that enables the possessor to add files or subdirectories to a directory.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Instance</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The part of a command string that defines the entity to affect.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4353"
->K</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k (lock) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->See the k (lock) Permission entry. The ACL permission that enables programs to place advisory locks on a file.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Kilobyte</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A unit of measure used to measure usage of space in a volume or on a partition. A kilobyte is equal to 1024 bytes. The
- term <SPAN
-CLASS="emphasis"
-><I
-CLASS="emphasis"
->kilobyte block</I
-></SPAN
-> is sometimes used when referring to disk space.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4366"
->L</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l (lookup) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The ACL permission that enables the possessor to list the contents of a directory and display its ACL.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Local Cell</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The cell to which the user's account and client machine belong.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->lock Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->See the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->k (lock) Permission</B
-></SPAN
-> entry.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Login</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The process of establishing a connection to a client machine's local file system as a specific user.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Logout</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The process of ending a connection to the local file system.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4394"
->M</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->m Privacy Flag</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The third privacy flag on a group, which enables the possessor to list the members of a group or the groups to which a
- user belongs.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mode Bits</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A set of permissions that the UNIX file system associates with a file or directory to control access to it. They
- appear in the first field of the output from the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls -l</B
-></SPAN
-> command.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mount Point</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A special type of directory that associates a location in the AFS file space with a volume. It acts like a standard
- UNIX directory in that users can change directory to it and list its contents with the UNIX <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->cd</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->ls</B
-></SPAN
-> commands.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mutual Authentication</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A procedure through which two parties prove their identities to one another. AFS server and client processes normally
- mutually authenticate as they establish a connection.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4419"
->N</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->NFS/AFS Translator</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A program that enables users on NFS client machines to access files in the AFS filespace.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->none ACL Shorthand</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A shorthand notation used with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to delete an entry from an
- ACL.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4432"
->O</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->o Privacy Flag</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The second privacy flag on a group, which enables the possessor to list groups owned by the user or group.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Operation Code</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The second word in an AFS command that belongs to a suite. It indicates the command's function.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Owner of a Group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The person or group who can administer a group.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4449"
->P</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Parent Directory</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The directory in which a directory or file resides.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Partition</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A logical section of a disk in a computer.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Password</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A unique, user-defined string of characters validating the user's system identity. The user must correctly enter the
- password in order to be authenticated.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A certain type of access granted on an ACL. Anyone who possesses the permission can perform the action.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4471"
->Q</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Quota</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The size limit of a volume, assigned by the system administrator and measured in kilobyte blocks.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4478"
->R</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r (read) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The ACL permission that enables the possessor to examine the contents of a file.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r Privacy Flag</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The fifth privacy flag on a group, which enables the possessor to remove members from it.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->read ACL Shorthand</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A shorthand notation used with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to represent the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->r</B
-></SPAN
-> and <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->l</B
-></SPAN
-> permissions.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Relative Pathname</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A pathname that does not begin at the root of the AFS or local filespace and so represents a file or directory's
- location with respect to the current working directory.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Remote Commands</B
-></SPAN
-></B
-></DT
-><DD
-><P
->Commands used to run programs on a remote machine without establishing a persistent connection to it.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4508"
->S</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->s Privacy Flag</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The first privacy flag on a group, which enables the possessor to list general information about it.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Self-owned Group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A group that owns itself, enabling all of its members to administer it.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Server</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A program or machine that provides a specialized service to its clients, such as storing and transferring files or
- performing authentication.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Subdirectory</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A directory that resides in another directory in the file system hierarchy.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Switch</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The part of a command string defining the type of an argument. It is preceded by a hyphen.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Syntax Statement</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A specification of the options available on a command and their ordering.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->System Administrator</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A user who is authorized to administer an AFS cell.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->System Groups</B
-></SPAN
-></B
-></DT
-><DD
-><P
->Groups that AFS defines automatically to represent users who share certain characteristics. See the following three
- entries.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->System:administrators group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A system group that includes users authorized to administer AFS.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->System:anyuser group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A system group that includes everyone who can gain access the cell's AFS filespace. It includes unauthenticated users,
- who are assigned the identity <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
->.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->System:authuser group</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A system group that includes all users who currently have valid AFS tokens for the local cell.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4566"
->T</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Token</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A collection of data that the AFS server processes accept as evidence that the possessor has successfully proved his
- or her identity to the cell's AFS authentication service. AFS assigns the identity <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->anonymous</B
-></SPAN
-> to users who do not have a token.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4574"
->U</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->UNIX Mode Bits</B
-></SPAN
-></B
-></DT
-><DD
-><P
->See the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Mode Bits</B
-></SPAN
-> entry.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Username</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A character string entered at login that uniquely identifies a person in the local cell.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4587"
->V</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->Volume</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A structure that AFS uses to group a set of files and directories into a single unit for administrative purposes. The
- contents of a volume reside on a single disk partition and must be mounted in the AFS filespace to be accessible.</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="glossdiv"
-><H1
-CLASS="glossdiv"
-><A
-NAME="AEN4594"
->W</A
-></H1
-><DL
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->w (write) Permission</B
-></SPAN
-></B
-></DT
-><DD
-><P
->The ACL permission that enables the possessor to modify the contents of a file.</P
-></DD
-><DT
-><B
-><SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->write ACL Shorthand</B
-></SPAN
-></B
-></DT
-><DD
-><P
->A shorthand notation used with the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->fs setacl</B
-></SPAN
-> command to represent all permissions
- except the <SPAN
-CLASS="bold"
-><B
-CLASS="emphasis"
->a</B
-></SPAN
-> permission.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="a3812.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-><A
-HREF="i4608.html"
-ACCESSKEY="N"
->Next</A
-></TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->AFS Command Syntax and Online Help</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
->Index</TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->Index</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
-REL="HOME"
-TITLE="AFS User Guide"
-HREF="book1.html"><LINK
-REL="PREVIOUS"
-TITLE="Glossary"
-HREF="g4153.html"></HEAD
-><BODY
-CLASS="index"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="NAVHEADER"
-><TABLE
-SUMMARY="Header navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TH
-COLSPAN="3"
-ALIGN="center"
->AFS User Guide: Version 3.6</TH
-></TR
-><TR
-><TD
-WIDTH="10%"
-ALIGN="left"
-VALIGN="bottom"
-><A
-HREF="g4153.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="80%"
-ALIGN="center"
-VALIGN="bottom"
-></TD
-><TD
-WIDTH="10%"
-ALIGN="right"
-VALIGN="bottom"
-> </TD
-></TR
-></TABLE
-><HR
-ALIGN="LEFT"
-WIDTH="100%"></DIV
-><DIV
-CLASS="index"
-><H1
-><A
-NAME="AEN4608"
-></A
->Index</H1
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN4609"
->A</A
-></H2
-><DL
-><DT
->a ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->a privacy flag on groups,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DT
->access control list
- </DT
-><DD
-><DL
-><DT
->see ACL</DT
-></DL
-></DD
-><DT
->access permissions on ACL,
- <A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
->
- </DT
-><DD
-><DL
-><DT
->see also ACL</DT
-></DL
-></DD
-><DT
->access to AFS filespace
- </DT
-><DD
-><DL
-><DT
->ACL entries control,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->controlling at directory level,
- <A
-HREF="c1444.html#Header_81"
->Directory Level Access Control</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->controlling for subdirectories,
- <A
-HREF="c1444.html#Header_90"
->Enabling Access to Subdirectories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->enabling for service processes,
- <A
-HREF="c1444.html#Header_91"
->Extending Access to Service Processes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->enabling for users from foreign cells,
- <A
-HREF="c1444.html#HDRWQ51"
->Extending Access to Users from Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->failures, troubleshooting,
- <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->format of pathnames,
- <A
-HREF="c569.html#Header_54"
->AFS Pathnames</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->from NFS client machines,
- <A
-HREF="a3632.html"
->Using the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting and denying to users,
- <A
-HREF="c1444.html#HDRWQ45"
->Access Control Lists</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ACL
- </DT
-><DD
-><DL
-><DT
->accidentally removed yourself,
- <A
-HREF="c3402.html#HDRWQ78"
->Problem: Accidentally Removed Your Entry from an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->auxiliary permissions,
- <A
-HREF="c1444.html#Header_85"
->The Eight Auxiliary Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->clearing,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->compared to UNIX mode bits,
- <A
-HREF="c113.html#HDRWQ16"
->File and Directory Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copying between directories,
- <A
-HREF="c1444.html#HDRWQ58"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating negative entry,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating normal entry,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->described,
- <A
-HREF="c113.html#Header_21"
->Access Control Lists</A
->,
- <A
-HREF="c1444.html#HDRWQ45"
->Access Control Lists</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c1444.html#HDRWQ52"
->Displaying an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->foreign users on,
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->negative permissions,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->normal permissions,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->normal vs. negative permissions,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->permissions defined,
- <A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing obsolete entries,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->replacing all entries,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shorthand notation for grouping sets of permissions,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->adding
- </DT
-><DD
-><DL
-><DT
->ACL entry to negative permissions section,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL entry to normal permissions section,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->users to groups,
- <A
-HREF="c2454.html#HDRWQ68"
->Creating Groups and Adding Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->administer ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->AFS
- </DT
-><DD
-><DL
-><DT
->accessing filespace,
- <A
-HREF="c569.html#Header_54"
->AFS Pathnames</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->accessing from NFS client machine,
- <A
-HREF="a3632.html"
->Using the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->filespace as extension of local filespace,
- <A
-HREF="c113.html#HDRWQ4"
->AFS Filespace and Local Filespace</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->security,
- <A
-HREF="c113.html#HDRWQ11"
->AFS Security</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->sharing information,
- <A
-HREF="c113.html#HDRWQ3"
->AFS Concepts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->transparent access,
- <A
-HREF="c113.html#HDRWQ3"
->AFS Concepts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UIDs and GIDs,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->afs (/afs) directory
- </DT
-><DD
-><DL
-><DT
->as root of AFS filespace,
- <A
-HREF="c113.html#HDRWQ4"
->AFS Filespace and Local Filespace</A
->,
- <A
-HREF="c569.html#Header_54"
->AFS Pathnames</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->afs: failed to store file (error message),
- <A
-HREF="c3402.html#Header_156"
->Error Message: "fs: You don't have the required access rights on 'file'"</A
->
- </DT
-><DT
->all shorthand for ACL permissions,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DT
->apropos operation code,
- <A
-HREF="a3812.html#Header_180"
->Displaying Command Syntax and Aliases</A
->
- </DT
-><DT
->arguments to AFS commands,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DT
->authentication
- </DT
-><DD
-><DL
-><DT
->as another user,
- <A
-HREF="c569.html#Header_39"
->Obtaining Tokens as Another User</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->in a foreign cell,
- <A
-HREF="c569.html#HDRWQ26"
->Obtaining Tokens For Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->limits on consecutive failed attempts,
- <A
-HREF="c569.html#HDRWQ31"
->Limits on Failed Authentication Attempts</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mutual,
- <A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->to AFS on NFS client machines,
- <A
-HREF="a3632.html#Header_160"
->Accessing AFS via the Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tokens as proof,
- <A
-HREF="c569.html#HDRWQ24"
->Authenticating with AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->with DCE for DFS access,
- <A
-HREF="c569.html#Header_41"
->Authenticating for DFS Access</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->auxiliary ACL permissions,
- <A
-HREF="c1444.html#Header_85"
->The Eight Auxiliary Permissions</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN4748"
->C</A
-></H2
-><DL
-><DT
->Cache Manager
- </DT
-><DD
-><DL
-><DT
->described,
- <A
-HREF="c113.html#HDRWQ9"
->The Cache Manager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying file server preferences,
- <A
-HREF="c1095.html#HDRWQ43"
->Displaying Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tokens, use of,
- <A
-HREF="c569.html#HDRWQ24"
->Authenticating with AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->caching files,
- <A
-HREF="c113.html#HDRWQ9"
->The Cache Manager</A
->
- </DT
-><DT
->callbacks,
- <A
-HREF="c113.html#HDRWQ10"
->Updating Copies of Cached Files</A
->
- </DT
-><DT
->cells
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->local vs. foreign,
- <A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->changing
- </DT
-><DD
-><DL
-><DT
->ACLs,
- <A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->AFS password,
- <A
-HREF="c569.html#Header_59"
->To Change Your AFS Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group name,
- <A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group owner,
- <A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->UNIX password,
- <A
-HREF="c569.html#Header_60"
->To Change Your UNIX Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->checking
- </DT
-><DD
-><DL
-><DT
->tokens,
- <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->chgrp command,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DT
->chmod command,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
->
- </DT
-><DT
->chown command,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DT
->clearing all ACL entries,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DT
->client machine,
- <A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
->,
- <A
-HREF="c113.html#HDRWQ9"
->The Cache Manager</A
->
- </DT
-><DT
->client/server computing,
- <A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
->
- </DT
-><DT
->commands
- </DT
-><DD
-><DL
-><DT
->AFS, issuing on NFS client machine,
- <A
-HREF="a3632.html#HDRWQ81"
->Requirements for Using the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chgrp,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chmod,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chown,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dlog,
- <A
-HREF="c569.html#Header_41"
->Authenticating for DFS Access</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->dpass,
- <A
-HREF="c569.html#Header_41"
->Authenticating for DFS Access</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs checkservers,
- <A
-HREF="c1095.html#Header_73"
->To Check File Server Machine Status</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs cleanacl,
- <A
-HREF="c2454.html#Header_137"
->To Remove Obsolete ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs copyacl,
- <A
-HREF="c1444.html#Header_108"
->To Copy an ACL Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs examine,
- <A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs getserverprefs,
- <A
-HREF="c1095.html#HDRWQ43"
->Displaying Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs listacl,
- <A
-HREF="c1444.html#HDRWQ53"
->To display an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs listcells,
- <A
-HREF="c1095.html#Header_76"
->To Display Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs listquota,
- <A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs quota,
- <A
-HREF="c1095.html#Header_63"
->To Display Percentage of Quota Used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs setacl,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->fs whereis,
- <A
-HREF="c1095.html#Header_70"
->To Display a File or Directory's Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ftp,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->inetd,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kas examine,
- <A
-HREF="c569.html#HDRWQ32"
->To Display Your Failed Authentication Limit and Lockout Time</A
->,
- <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->klog,
- <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->knfs,
- <A
-HREF="a3632.html#HDRWQ83"
->To Authenticate on an Unsupported Operating System</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->kpasswd,
- <A
-HREF="c569.html#Header_59"
->To Change Your AFS Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ln,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->login,
- <A
-HREF="c569.html#HDRWQ22"
->Logging In</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->passwd,
- <A
-HREF="c569.html#Header_60"
->To Change Your UNIX Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts adduser,
- <A
-HREF="c2454.html#HDRWQ70"
->To Add Members to a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts chown,
- <A
-HREF="c2454.html#HDRWQ73"
->To Change a Group's Owner</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts creategroup,
- <A
-HREF="c2454.html#HDRWQ69"
->To Create a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts delete,
- <A
-HREF="c2454.html#Header_135"
->To Delete a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts examine,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts listowned,
- <A
-HREF="c2454.html#HDRWQ66"
->To Display the Groups a User or Group Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts membership,
- <A
-HREF="c2454.html#HDRWQ65"
->To Display Group Membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts removeuser,
- <A
-HREF="c2454.html#Header_133"
->To Remove Members from a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts rename,
- <A
-HREF="c2454.html#Header_144"
->To Change a Group's Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->pts setfields,
- <A
-HREF="c2454.html#HDRWQ75"
->To Set a Group's Privacy Flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rcp,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rsh,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->suite organization for AFS,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->syntax for AFS,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tokens,
- <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->unlog,
- <A
-HREF="c569.html#Header_50"
->To Discard Tokens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->communication
- </DT
-><DD
-><DL
-><DT
->among cells and sites,
- <A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->between clients and servers,
- <A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->connection timed out (error message),
- <A
-HREF="c3402.html#HDRWQ79"
->Error Message: "afs: Lost contact with fileserver"</A
->
- </DT
-><DT
->copying
- </DT
-><DD
-><DL
-><DT
->ACL between directories,
- <A
-HREF="c1444.html#HDRWQ58"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->files, inability to,
- <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->creating
- </DT
-><DD
-><DL
-><DT
->ACL as copy of another,
- <A
-HREF="c1444.html#HDRWQ58"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL entry in negative permissions section,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->ACL entry in normal permissions section,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups,
- <A
-HREF="c2454.html#HDRWQ68"
->Creating Groups and Adding Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN4922"
->D</A
-></H2
-><DL
-><DT
->d ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->delete ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->deleting groups,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DT
->denying access with negative ACL entry,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DT
->directories
- </DT
-><DD
-><DL
-><DT
->accessing AFS,
- <A
-HREF="c569.html#HDRWQ34"
->Accessing the AFS Filespace</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copying ACLs between,
- <A
-HREF="c1444.html#HDRWQ58"
->Copying ACLs Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->denying access,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying location,
- <A
-HREF="c1095.html#HDRWQ40"
->Locating Files and Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting access,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->inability to access,
- <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->replacing ACL,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting access control list,
- <A
-HREF="c1444.html#HDRWQ45"
->Access Control Lists</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shorthand notation for referencing,
- <A
-HREF="a3812.html#Header_175"
->Shortening Directory References</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->disk partition
- </DT
-><DD
-><DL
-><DT
->consequences when full,
- <A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying percentage of space used,
- <A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying space available and total size,
- <A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use in AFS,
- <A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->displaying
- </DT
-><DD
-><DL
-><DT
->ACL entries,
- <A
-HREF="c1444.html#HDRWQ52"
->Displaying an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->directory/file location,
- <A
-HREF="c1095.html#Header_70"
->To Display a File or Directory's Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk partition percentage space used,
- <A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->disk partition space available and total size,
- <A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file or directory location,
- <A
-HREF="c1095.html#Header_70"
->To Display a File or Directory's Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group creator,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group information,
- <A
-HREF="c2454.html#HDRWQ64"
->Displaying Group Information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group owner,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-creation quota,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->groups owned by a group,
- <A
-HREF="c2454.html#HDRWQ66"
->To Display the Groups a User or Group Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->password expiration date,
- <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->password reuse policy,
- <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->percentage of volume quota used,
- <A
-HREF="c1095.html#Header_63"
->To Display Percentage of Quota Used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->tokens,
- <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume quota with other information,
- <A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
->,
- <A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->distributed file system,
- <A
-HREF="c113.html#Header_10"
->Distributed File Systems</A
->
- </DT
-><DT
->dlog command,
- <A
-HREF="c569.html#Header_41"
->Authenticating for DFS Access</A
->
- </DT
-><DT
->dpass command,
- <A
-HREF="c569.html#Header_41"
->Authenticating for DFS Access</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5008"
->E</A
-></H2
-><DL
-><DT
->erasing all ACL entries,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DT
->error messages, troubleshooting,
- <A
-HREF="c3402.html#HDRWQ79"
->Error Message: "afs: Lost contact with fileserver"</A
->
- </DT
-><DT
->examples
- </DT
-><DD
-><DL
-><DT
->adding a user to an ACL,
- <A
-HREF="c1444.html#Header_99"
->Example: Adding a Single ACL Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->adding members to a group,
- <A
-HREF="c2454.html#Header_131"
->Example: Adding Members to a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->authenticating,
- <A
-HREF="c569.html#Header_44"
->Example: Authenticating in the Local Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->authenticating as another user,
- <A
-HREF="c569.html#Header_45"
->Example: Authenticating as a Another User</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->authenticating in a foreign cell,
- <A
-HREF="c569.html#Header_46"
->Example: Authenticating in a Foreign Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing group name,
- <A
-HREF="c2454.html#Header_145"
->Example: Changing a Group's group_name Suffix</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing group owner,
- <A
-HREF="c2454.html#Header_141"
->Example: Changing a Group's Owner to Another User</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->checking status of file servers,
- <A
-HREF="c1095.html#Header_74"
->Example: Checking Server Machine Status</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copying ACL between directories,
- <A
-HREF="c1444.html#Header_109"
->Example: Copying an ACL from One Directory to Another</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating a group,
- <A
-HREF="c2454.html#Header_129"
->Example: Creating a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating a self-owned group,
- <A
-HREF="c2454.html#Header_142"
->Example: Changing a Group's Owner to Itself</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating entry on negative permissions section of ACL,
- <A
-HREF="c1444.html#Header_102"
->Example: Setting an Entry in the Negative Permissions Section</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deleting a group,
- <A
-HREF="c2454.html#Header_136"
->Example: Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying ACL for single directory,
- <A
-HREF="c1444.html#Header_95"
->Example: Displaying the ACL on One Directory</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying ACLs for multiple directories,
- <A
-HREF="c1444.html#Header_96"
->Example: Displaying the ACLs on Multiple Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying group information about a user,
- <A
-HREF="c2454.html#Header_126"
->Example: Listing Group Information about a User</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying groups a group owns,
- <A
-HREF="c2454.html#Header_122"
->Example: Displaying the Groups a Group Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying groups a user owns,
- <A
-HREF="c2454.html#Header_123"
->Example: Displaying the Groups a User Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying information about group,
- <A
-HREF="c2454.html#Header_125"
->Example: Listing Information about a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying members of a group,
- <A
-HREF="c2454.html#Header_119"
->Example: Displaying the Members of a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying volume information,
- <A
-HREF="c1095.html#Header_68"
->Example: Displaying Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying volume quota and other information,
- <A
-HREF="c1095.html#Header_66"
->Example: Display Quota and Other Information about a Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying volume quota percentage used,
- <A
-HREF="c1095.html#Header_64"
->Example: Displaying Percentage of Quota Used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->locating multiple files,
- <A
-HREF="c1095.html#Header_71"
->Example: Displaying Directory Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing deleted groups from ACLs,
- <A
-HREF="c2454.html#Header_137"
->To Remove Obsolete ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing group members,
- <A
-HREF="c2454.html#Header_134"
->Example: Removing Group Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->replacing an ACL,
- <A
-HREF="c1444.html#Header_106"
->Example: Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting group's privacy flags,
- <A
-HREF="c2454.html#Header_150"
->Example: Setting a Group's Privacy Flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->unauthenticating from selected cells,
- <A
-HREF="c569.html#Header_51"
->Example: Unauthenticating from a Specific Cell</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using chmod,
- <A
-HREF="c1444.html#Header_111"
->Example: Disabling Write Access for a File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume/mount point interaction,
- <A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->exiting an AFS session,
- <A
-HREF="c569.html#HDRWQ33"
->Exiting an AFS Session</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5083"
->F</A
-></H2
-><DL
-><DT
->failed to store file (error message),
- <A
-HREF="c3402.html#Header_156"
->Error Message: "fs: You don't have the required access rights on 'file'"</A
->
- </DT
-><DT
->file server machines
- </DT
-><DD
-><DL
-><DT
->checking status,
- <A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->files
- </DT
-><DD
-><DL
-><DT
->accessing AFS,
- <A
-HREF="c569.html#HDRWQ34"
->Accessing the AFS Filespace</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->caching,
- <A
-HREF="c113.html#HDRWQ9"
->The Cache Manager</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->denying access,
- <A
-HREF="c113.html#Header_18"
->Multiple Users Modifying Files</A
->,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying location,
- <A
-HREF="c1095.html#HDRWQ40"
->Locating Files and Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->granting access,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->inability to access, copy or save,
- <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->sharing,
- <A
-HREF="c113.html#Header_18"
->Multiple Users Modifying Files</A
->,
- <A
-HREF="c113.html#HDRWQ14"
->File Sharing</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->updating,
- <A
-HREF="c113.html#HDRWQ10"
->Updating Copies of Cached Files</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->flags on AFS commands,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DT
->foreign cells
- </DT
-><DD
-><DL
-><DT
->accessing,
- <A
-HREF="c569.html#HDRWQ35"
->Accessing Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->enabling access,
- <A
-HREF="c1095.html#HDRWQ42"
->Determining Access to Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->format of AFS pathnames,
- <A
-HREF="c569.html#Header_54"
->AFS Pathnames</A
->
- </DT
-><DT
->fs commands
- </DT
-><DD
-><DL
-><DT
->checkservers,
- <A
-HREF="c1095.html#Header_73"
->To Check File Server Machine Status</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cleanacl,
- <A
-HREF="c2454.html#Header_137"
->To Remove Obsolete ACL Entries</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->copyacl,
- <A
-HREF="c1444.html#Header_108"
->To Copy an ACL Between Directories</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examine,
- <A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getserverprefs,
- <A
-HREF="c1095.html#HDRWQ43"
->Displaying Server Preference Ranks</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getting help,
- <A
-HREF="a3812.html#Header_177"
->About the fs Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->help flag,
- <A
-HREF="a3812.html#Header_177"
->About the fs Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->introduction,
- <A
-HREF="a3812.html#Header_177"
->About the fs Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listacl,
- <A
-HREF="c1444.html#HDRWQ53"
->To display an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listcells,
- <A
-HREF="c1095.html#Header_76"
->To Display Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listquota,
- <A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privileges required,
- <A
-HREF="a3812.html#Header_177"
->About the fs Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->quota,
- <A
-HREF="c1095.html#Header_63"
->To Display Percentage of Quota Used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setacl,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DD
-><DL
-><DT
->completely replacing ACL,
- <A
-HREF="c1444.html#Header_105"
->To Replace an ACL Completely</A
->
- </DT
-><DT
->with -negative flag,
- <A
-HREF="c1444.html#HDRWQ56"
->To Add, Remove, or Edit Negative ACL Permissions</A
->
- </DT
-></DL
-></DD
-><DT
->whereis,
- <A
-HREF="c1095.html#Header_70"
->To Display a File or Directory's Location</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->ftp command,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5165"
->G</A
-></H2
-><DL
-><DT
->GID, AFS,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DT
->granting access to AFS filespace,
- <A
-HREF="c1444.html#HDRWQ55"
->To Add, Remove, or Edit Normal ACL Permissions</A
->
- </DT
-><DT
->group use of group,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DT
->group-creation quota
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c2454.html#Header_116"
->Group-creation Quota</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->groups
- </DT
-><DD
-><DL
-><DT
->adding members,
- <A
-HREF="c2454.html#HDRWQ68"
->Creating Groups and Adding Members</A
->,
- <A
-HREF="c2454.html#HDRWQ70"
->To Add Members to a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing name,
- <A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing owner,
- <A
-HREF="c2454.html#HDRWQ72"
->Changing a Group's Owner or Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creating,
- <A
-HREF="c2454.html#HDRWQ68"
->Creating Groups and Adding Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creation quota,
- <A
-HREF="c2454.html#Header_116"
->Group-creation Quota</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creator, displaying,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->deleting,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying information,
- <A
-HREF="c2454.html#HDRWQ64"
->Displaying Group Information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group use,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-owned groups,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listing groups owned,
- <A
-HREF="c2454.html#HDRWQ66"
->To Display the Groups a User or Group Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->machines as members,
- <A
-HREF="c2454.html#HDRWQ61"
->About Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->naming conventions,
- <A
-HREF="c2454.html#HDRWQ63"
->Group Names</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->owner as administrator,
- <A
-HREF="c2454.html#HDRWQ68"
->Creating Groups and Adding Members</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->owner, displaying,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privacy flags,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->private use,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing members,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rules for assigning ownership,
- <A
-HREF="c2454.html#HDRWQ69"
->To Create a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->self-owned groups,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shared use,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->groups command,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5230"
->H</A
-></H2
-><DL
-><DT
->help
- </DT
-><DD
-><DL
-><DT
->examples,
- <A
-HREF="a3812.html#Header_180"
->Displaying Command Syntax and Aliases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->online for AFS commands,
- <A
-HREF="a3812.html#HDRWQ89"
->Getting Help in AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->operation code in AFS command suites,
- <A
-HREF="a3812.html#Header_180"
->Displaying Command Syntax and Aliases</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5240"
->I</A
-></H2
-><DL
-><DT
->i ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->inetd command,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DT
->insert ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->instances to AFS commands,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5254"
->K</A
-></H2
-><DL
-><DT
->k ACL permission,
- <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->
- </DT
-><DT
->kas commands
- </DT
-><DD
-><DL
-><DT
->examine,
- <A
-HREF="c569.html#HDRWQ32"
->To Display Your Failed Authentication Limit and Lockout Time</A
->,
- <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->keyword for apropos command,
- <A
-HREF="a3812.html#Header_181"
->Displaying Operation Code Descriptions</A
->
- </DT
-><DT
->klog command,
- <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->
- </DT
-><DT
->knfs command,
- <A
-HREF="a3632.html#HDRWQ83"
->To Authenticate on an Unsupported Operating System</A
->
- </DT
-><DT
->kpasswd command,
- <A
-HREF="c569.html#Header_59"
->To Change Your AFS Password</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5276"
->L</A
-></H2
-><DL
-><DT
->l ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->lifetime of tokens,
- <A
-HREF="c569.html#HDRWQ28"
->Token Lifetime</A
->
- </DT
-><DT
->limits on authentication attempts,
- <A
-HREF="c569.html#HDRWQ32"
->To Display Your Failed Authentication Limit and Lockout Time</A
->
- </DT
-><DT
->ln command,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->
- </DT
-><DT
->local cell, defined,
- <A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
->
- </DT
-><DT
->local machine,
- <A
-HREF="c113.html#HDRWQ4"
->AFS Filespace and Local Filespace</A
->
- </DT
-><DT
->local password file (/etc/passwd),
- <A
-HREF="c113.html#HDRWQ15"
->Login and Authentication</A
->
- </DT
-><DT
->lock ACL permission,
- <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->
- </DT
-><DT
->logging in,
- <A
-HREF="c569.html#HDRWQ22"
->Logging In</A
->
- </DT
-><DT
->logging out,
- <A
-HREF="c569.html#HDRWQ33"
->Exiting an AFS Session</A
->
- </DT
-><DT
->login utility,
- <A
-HREF="c113.html#Header_28"
->Differences in the Semantics of Standard UNIX Commands</A
->,
- <A
-HREF="c569.html#HDRWQ22"
->Logging In</A
->
- </DT
-><DT
->lookup ACL permission,
- <A
-HREF="c1444.html#HDRWQ47"
->The Four Directory Permissions</A
->
- </DT
-><DT
->lost contact with fileserver (error message),
- <A
-HREF="c3402.html#HDRWQ79"
->Error Message: "afs: Lost contact with fileserver"</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5318"
->M</A
-></H2
-><DL
-><DT
->m privacy flag on groups,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DT
->machines
- </DT
-><DD
-><DL
-><DT
->as members of groups,
- <A
-HREF="c2454.html#HDRWQ61"
->About Groups</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->client,
- <A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->server,
- <A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mode bits (UNIX)
- </DT
-><DD
-><DL
-><DT
->interpretation in AFS,
- <A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->mount points defined,
- <A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
->
- </DT
-><DT
->mutual authentication,
- <A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5341"
->N</A
-></H2
-><DL
-><DT
->negative ACL permissions
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NFS
- </DT
-><DD
-><DL
-><DT
->accessing AFS from client,
- <A
-HREF="a3632.html"
->Using the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->issuing AFS commands on NFS client machine,
- <A
-HREF="a3632.html#HDRWQ81"
->Requirements for Using the NFS/AFS Translator</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->NFS/AFS Translator,
- <A
-HREF="a3632.html"
->Using the NFS/AFS Translator</A
->
- </DT
-><DT
->none shorthand for ACL permissions,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DT
->normal ACL permissions
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5367"
->O</A
-></H2
-><DL
-><DT
->o privacy flag on groups,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DT
->online help,
- <A
-HREF="a3812.html#HDRWQ89"
->Getting Help in AFS</A
->
- </DT
-><DT
->operation codes in AFS commands
- </DT
-><DD
-><DL
-><DT
->abbreviating,
- <A
-HREF="a3812.html#Header_172"
->Abbreviations and Aliases for Operation Codes</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5381"
->P</A
-></H2
-><DL
-><DT
->PAG,
- <A
-HREF="c569.html#HDRWQ25"
->Protecting Your Tokens with a PAG</A
->
- </DT
-><DT
->passwd
- </DT
-><DD
-><DL
-><DT
->command,
- <A
-HREF="c569.html#Header_60"
->To Change Your UNIX Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file,
- <A
-HREF="c113.html#HDRWQ15"
->Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->password,
- <A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
->
- </DT
-><DD
-><DL
-><DT
->changing AFS,
- <A
-HREF="c569.html#Header_59"
->To Change Your AFS Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->changing UNIX,
- <A
-HREF="c569.html#Header_60"
->To Change Your UNIX Password</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->expiration date, displaying,
- <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->reuse policy, displaying,
- <A
-HREF="c569.html#HDRWQ37"
->To Display Password Expiration Date and Reuse Policy</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->pathnames,
- <A
-HREF="c569.html#Header_54"
->AFS Pathnames</A
->
- </DT
-><DT
->permissions on ACL
- </DT
-><DD
-><DL
-><DT
->defined,
- <A
-HREF="c1444.html#HDRWQ46"
->The AFS ACL Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c1444.html#HDRWQ52"
->Displaying an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->normal vs. negative,
- <A
-HREF="c1444.html#HDRWQ49"
->About Normal and Negative Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setting,
- <A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->shorthand for,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->privacy flags on groups,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DT
->private use of group,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DT
->process authentication group (PAG),
- <A
-HREF="c569.html#HDRWQ25"
->Protecting Your Tokens with a PAG</A
->
- </DT
-><DT
->protection
- </DT
-><DD
-><DL
-><DT
->for files and directories,
- <A
-HREF="c1444.html#HDRWQ45"
->Access Control Lists</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->group-related information,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->Protection Database,
- <A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
->
- </DT
-><DT
->pts commands
- </DT
-><DD
-><DL
-><DT
->adduser,
- <A
-HREF="c2454.html#HDRWQ70"
->To Add Members to a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->cell argument,
- <A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->chown,
- <A
-HREF="c2454.html#HDRWQ73"
->To Change a Group's Owner</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->creategroup,
- <A
-HREF="c2454.html#HDRWQ69"
->To Create a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->delete,
- <A
-HREF="c2454.html#Header_135"
->To Delete a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->examine,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->force flag,
- <A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getting help,
- <A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->help flag,
- <A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listowned,
- <A
-HREF="c2454.html#HDRWQ66"
->To Display the Groups a User or Group Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->membership,
- <A
-HREF="c2454.html#HDRWQ65"
->To Display Group Membership</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->privilege required,
- <A
-HREF="a3812.html#Header_178"
->About the pts Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removeuser,
- <A
-HREF="c2454.html#Header_133"
->To Remove Members from a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->rename,
- <A
-HREF="c2454.html#Header_144"
->To Change a Group's Name</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->setfields,
- <A
-HREF="c2454.html#HDRWQ75"
->To Set a Group's Privacy Flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5468"
->Q</A
-></H2
-><DL
-><DT
->quitting an AFS session,
- <A
-HREF="c569.html#HDRWQ33"
->Exiting an AFS Session</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5473"
->R</A
-></H2
-><DL
-><DT
->r ACL permission,
- <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->
- </DT
-><DT
->r privacy flag on groups,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DT
->rcp command,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DT
->read ACL permission,
- <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->
- </DT
-><DT
->read shorthand for ACL permissions,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DT
->remote commands,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DT
->removing
- </DT
-><DD
-><DL
-><DT
->all ACL entries,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->obsolete ACL entries,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->users from groups,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->replacing
- </DT
-><DD
-><DL
-><DT
->all entries on ACL,
- <A
-HREF="c1444.html#HDRWQ57"
->Completely Replacing an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->root of AFS filespace,
- <A
-HREF="c113.html#HDRWQ4"
->AFS Filespace and Local Filespace</A
->
- </DT
-><DT
->rsh command,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DT
->rules for assigning group names,
- <A
-HREF="c2454.html#HDRWQ69"
->To Create a Group</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5514"
->S</A
-></H2
-><DL
-><DT
->s privacy flag on groups,
- <A
-HREF="c2454.html#HDRWQ74"
->Protecting Group-Related Information</A
->
- </DT
-><DT
->saving files
- </DT
-><DD
-><DL
-><DT
->inability to,
- <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->on inaccessible file server machines,
- <A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server Machines</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->security in AFS,
- <A
-HREF="c113.html#HDRWQ11"
->AFS Security</A
->
- </DT
-><DT
->self-owned group,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DT
->server machines defined,
- <A
-HREF="c113.html#Header_9"
->Client/Server Computing</A
->
- </DT
-><DT
->setpag argument to klog command,
- <A
-HREF="c569.html#HDRWQ25"
->Protecting Your Tokens with a PAG</A
->
- </DT
-><DT
->setting permissions on ACL,
- <A
-HREF="c1444.html#HDRWQ54"
->Changing an ACL</A
->
- </DT
-><DT
->shared use of group,
- <A
-HREF="c2454.html#HDRWQ62"
->Suggestions for Using Groups Effectively</A
->
- </DT
-><DT
->shorthand notation for ACL permissions,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-><DT
->site defined,
- <A
-HREF="c113.html#HDRWQ5"
->Cells and Sites</A
->
- </DT
-><DT
->status of file server machines,
- <A
-HREF="c1095.html#HDRWQ41"
->Checking the Status of Server Machines</A
->
- </DT
-><DT
->subdirectories, accessing,
- <A
-HREF="c1444.html#Header_81"
->Directory Level Access Control</A
->,
- <A
-HREF="c1444.html#Header_90"
->Enabling Access to Subdirectories</A
->
- </DT
-><DT
->suite, defined for AFS command,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DT
->switches on AFS commands
- </DT
-><DD
-><DL
-><DT
->abbreviating,
- <A
-HREF="a3812.html#Header_174"
->Shortening Switches and Flags</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="a3812.html#HDRWQ87"
->AFS Command Syntax</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->omitting,
- <A
-HREF="a3812.html#Header_173"
->Omitting Argument Switches</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->syntax of AFS commands described,
- <A
-HREF="a3812.html"
->AFS Command Syntax and Online Help</A
->
- </DT
-><DT
->system groups
- </DT
-><DD
-><DL
-><DT
->using on ACLs,
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system:administrators group,
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->
- </DT
-><DT
->system:anyuser group
- </DT
-><DD
-><DL
-><DT
->controlling access by foreign users,
- <A
-HREF="c569.html#HDRWQ35"
->Accessing Foreign Cells</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->using on ACLs,
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->system:authuser group,
- <A
-HREF="c1444.html#HDRWQ50"
->Using the System Groups on ACLs</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5586"
->T</A
-></H2
-><DL
-><DT
->tokens
- </DT
-><DD
-><DL
-><DT
->as proof of authentication,
- <A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
->,
- <A
-HREF="c569.html#HDRWQ24"
->Authenticating with AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->command,
- <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->destroying,
- <A
-HREF="c569.html#HDRWQ33"
->Exiting an AFS Session</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying,
- <A
-HREF="c569.html#HDRWQ30"
->To Display Your Tokens</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->getting,
- <A
-HREF="c569.html#HDRWQ29"
->To Authenticate with AFS</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->lifetime,
- <A
-HREF="c569.html#HDRWQ28"
->Token Lifetime</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->use in mutual authentication,
- <A
-HREF="c113.html#HDRWQ12"
->Passwords and Mutual Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->troubleshooting
- </DT
-><DD
-><DL
-><DT
->accidental removal from ACL,
- <A
-HREF="c3402.html#HDRWQ78"
->Problem: Accidentally Removed Your Entry from an ACL</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->error messages,
- <A
-HREF="c3402.html#HDRWQ79"
->Error Message: "afs: Lost contact with fileserver"</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->inability to access, copy or save file,
- <A
-HREF="c3402.html#HDRWQ77"
->Problem: Cannot Access, Copy, or Save File</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5613"
->U</A
-></H2
-><DL
-><DT
->UID, AFS,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DT
->unauthenticating,
- <A
-HREF="c569.html#HDRWQ33"
->Exiting an AFS Session</A
->
- </DT
-><DT
->UNIX, differences with AFS
- </DT
-><DD
-><DL
-><DT
->commands,
- <A
-HREF="c113.html#HDRWQ18"
->Remote Commands</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file access/protection,
- <A
-HREF="c113.html#HDRWQ16"
->File and Directory Protection</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->file transfer,
- <A
-HREF="c113.html#HDRWQ14"
->File Sharing</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->login,
- <A
-HREF="c113.html#HDRWQ15"
->Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->mode bits, interpretation,
- <A
-HREF="c1444.html#HDRWQ59"
->How AFS Uses the UNIX Mode Bits</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->passwords,
- <A
-HREF="c113.html#HDRWQ15"
->Login and Authentication</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->sharing files,
- <A
-HREF="c113.html#HDRWQ14"
->File Sharing</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->unlog command,
- <A
-HREF="c569.html#Header_50"
->To Discard Tokens</A
->
- </DT
-><DT
->users
- </DT
-><DD
-><DL
-><DT
->account lockout time,
- <A
-HREF="c569.html#HDRWQ32"
->To Display Your Failed Authentication Limit and Lockout Time</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->adding as group members,
- <A
-HREF="c2454.html#HDRWQ70"
->To Add Members to a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying group information,
- <A
-HREF="c2454.html#HDRWQ64"
->Displaying Group Information</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying number of group memberships,
- <A
-HREF="c2454.html#HDRWQ67"
->To Display A Group Entry</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->listing groups owned,
- <A
-HREF="c2454.html#HDRWQ66"
->To Display the Groups a User or Group Owns</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->removing from groups,
- <A
-HREF="c2454.html#HDRWQ71"
->Removing Users from a Group and Deleting a Group</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5654"
->V</A
-></H2
-><DL
-><DT
->volume quota,
- <A
-HREF="c1095.html#HDRWQ39"
->Displaying Volume Quota</A
->
- </DT
-><DD
-><DL
-><DT
->displaying percentage used,
- <A
-HREF="c1095.html#Header_63"
->To Display Percentage of Quota Used</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->displaying with other information,
- <A
-HREF="c1095.html#Header_65"
->To Display Quota and Other Information about a Volume</A
->,
- <A
-HREF="c1095.html#Header_67"
->To Display Quota and Other Information about a Volume and Partition</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-><DT
->volumes
- </DT
-><DD
-><DL
-><DT
->accessing via mount points,
- <A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->defined,
- <A
-HREF="c113.html#HDRWQ6"
->Volumes and Mount Points</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-><DT
->volume/mount point interaction,
- <A
-HREF="c113.html#HDRWQ7"
->Volume Quotas</A
->
- </DT
-><DD
-><DL
-></DL
-></DD
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5672"
->W</A
-></H2
-><DL
-><DT
->w ACL permission,
- <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->
- </DT
-><DT
->write ACL permission,
- <A
-HREF="c1444.html#HDRWQ48"
->The Three File Permissions</A
->
- </DT
-><DT
->write shorthand for ACL permissions,
- <A
-HREF="c1444.html#Header_86"
->Shorthand Notation for Sets of Permissions</A
->
- </DT
-></DL
-></DIV
-><DIV
-CLASS="indexdiv"
-><H2
-CLASS="indexdiv"
-><A
-NAME="AEN5683"
->Y</A
-></H2
-><DL
-><DT
->you don't have the required access rights (error message),
- <A
-HREF="c3402.html#Header_155"
->Error Message: "command: Connection timed out"</A
->
- </DT
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="NAVFOOTER"
-><HR
-ALIGN="LEFT"
-WIDTH="100%"><TABLE
-SUMMARY="Footer navigation table"
-WIDTH="100%"
-BORDER="0"
-CELLPADDING="0"
-CELLSPACING="0"
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
-><A
-HREF="g4153.html"
-ACCESSKEY="P"
->Prev</A
-></TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-><A
-HREF="book1.html"
-ACCESSKEY="H"
->Home</A
-></TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-> </TD
-></TR
-><TR
-><TD
-WIDTH="33%"
-ALIGN="left"
-VALIGN="top"
->Glossary</TD
-><TD
-WIDTH="34%"
-ALIGN="center"
-VALIGN="top"
-> </TD
-><TD
-WIDTH="33%"
-ALIGN="right"
-VALIGN="top"
-> </TD
-></TR
-></TABLE
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
+<title>OpenAFS Documentation</title>
+</head>
+
+<body bgcolor=white lang=EN-US link=blue vlink=purple>
+
+<div class=Section1>
+
+<p>
+<a href="http://www.openafs.org/">
+<img border=0 width=201 height=139 src="logo.jpg" align=left title="www.openafs.org"></a>
+<a name="Top_Of_Page"></a></p>
+
+<p> </p>
+<p> </p>
+
+<h1>Documentation</h1>
+
+<p> </p>
+<p> </p>
+
+<p>Welcome to the OpenAFS Documentation set!</p>
+
+<h3>Documentation:</h3>
+
+<ul>
+<li>Release Notes:
+ <ul>
+<!-- <li><a href="ReleaseNotesUnix/index.html">Unix</a></li> -->
+ <li><a href="ReleaseNotesWindows/index.html">Microsoft Windows</a></li>
+ </ul>
+</li>
+<li>Quick Start Guides:
+ <ul>
+ <li><a href="QuickStartUnix/index.html">Unix</a></li>
+ <li><a href="http://www.dementia.org/twiki/bin/view/AFSLore/WindowsEndUserQuickStartGuide">Microsoft Windows</a></li>
+ </ul>
+</li>
+<li><a href="UserGuide/index.html">User Guide</a></li>
+<li><a href="AdminGuide/index.html">Administrator Guide</a></li>
+<li><a href="Reference/index">Reference Manual</a></li>
+</ul>
+<a name="Bot_Of_Page"></a>
+
+</div>
+
+</body>
+
+</html>
+
+
+
+
projects / packages / o / openafs.git / commitdiff
